minvws / nl-kat-coordination

European Union Public License 1.2

(Better) parsing of SPF records with Macros #982

Open underdarknl opened 1 year ago

underdarknl commented 1 year ago

Related to: https://github.com/minvws/nl-kat-coordination/issues/957

Is your feature request related to a problem? Please describe.

SPF records can contain macros as defined here, which would result in hostname-like objects that the SPF parser needs to understand in relation to the sending IP to validate if a given IP can send emails for a given domain.

The specs are here: https://datatracker.ietf.org/doc/html/rfc7208#section-7

What can you do with macros? https://www.jamieweb.net/blog/using-spf-macros-to-solve-the-operational-challenges-of-spf/

Describe the solution you'd like

We need to parse these strings and create a useful representation in the graph. However, as we currently don't have any information on where emails are being sent from, we cannot yet validate those senders against these macro records. We can, however, see if they follow the RFC in terms of formatting.

praseodym commented 1 year ago

Maybe we should allow registering sender IP addresses in ConfigOOIs, so we can validate the SPF records based on that information?

underdarknl commented 1 year ago

That's an excellent plan! Those Configs could even be auto-created from log-sources at some point.
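An added example, not part of this thread or of the project's code: one way to do both things discussed above, checking that the macros in an SPF term follow the RFC 7208 section 7.1 grammar and expanding them for a registered sender IP. The function names are hypothetical, and the sample values are the ones used in the RFC's section 7.4 examples.

```python
import ipaddress
import re
from urllib.parse import quote

# macro-expand, RFC 7208 section 7.1: %{letter digits [r] delimiters} or %% / %_ / %-
MACRO_RE = re.compile(r"%(?:\{([slodiphcrtv])(\d*)(r?)([.\-+,/_=]*)\}|([%_-]))", re.I)
ESCAPES = {"%": "%", "_": " ", "-": "%20"}


def check_macro_string(text):
    """Return format problems found in text; an empty list means well-formed."""
    problems = []
    if "%" in MACRO_RE.sub("", text):  # any '%' left over is not a valid macro
        problems.append("stray '%' or malformed macro-expand")
    for m in MACRO_RE.finditer(text):
        if m.group(2) and int(m.group(2)) == 0:
            problems.append(m.group(0) + ": digit transformer must be non-zero")
        if m.group(1) and m.group(1).lower() in "crt":
            problems.append(m.group(0) + ": letter only allowed in exp= text")
    return problems


def expand(text, sender, domain, ip, helo="unknown"):
    """Expand macros for one candidate sender; %{p} and exp-only letters are refused."""
    addr = ipaddress.ip_address(ip)
    local, _, sender_domain = sender.rpartition("@")
    # %{i}: dotted quad for IPv4, dot-separated nibbles for IPv6
    dotted = str(addr) if addr.version == 4 else ".".join(addr.exploded.replace(":", ""))
    values = {"s": sender, "l": local, "o": sender_domain, "d": domain, "h": helo,
              "i": dotted, "v": "in-addr" if addr.version == 4 else "ip6"}

    def repl(m):
        if m.group(5):
            return ESCAPES[m.group(5)]
        letter = m.group(1)
        if letter.lower() not in values:
            raise ValueError(m.group(0) + " needs DNS or exp= context")
        parts = re.split("[" + re.escape(m.group(4) or ".") + "]", values[letter.lower()])
        if m.group(3):  # 'r' transformer reverses the parts
            parts.reverse()
        if m.group(2):  # digits keep the right-most N parts
            parts = parts[-int(m.group(2)):]
        out = ".".join(parts)
        return quote(out, safe="") if letter.isupper() else out  # uppercase = URL-escape

    return MACRO_RE.sub(repl, text)


if __name__ == "__main__":  # sample values from RFC 7208 section 7.4
    term = "%{ir}.%{v}._spf.%{d2}"
    print(check_macro_string(term), expand(term, "strong-bad@email.example.com",
                                           "email.example.com", "192.0.2.3"))
```

Run `check_macro_string` before `expand`: the expander assumes a well-formed string and does not repeat the format checks.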