Error not showing for necessary checks of number for DNS lookups

[sdebarun]

I am checking a domain here and it gives me an error related to required number of DNS look up to evaluate the spf. But If I use this piece of code from the library documentation, $record = (new \SPFLib\Decoder())->getRecordFromTXT($spfString); $issues = (new \SPFLib\SemanticValidator())->validate($record); foreach ($issues as $key => $issue) { echo $issue, "\n"; } I am not getting any thing similar. I would like to know why there is a difference in result between the library and https://dmarcian.com/ and if anything I can do to fix it. Thank You,

[mlocati]

This library checks direct the DNS lookups only. In your case, we have this SPF record

v=spf1 mx a include:spf.smartemailing.cz include:spf.mailkit.eu include:_spf.google.com ip4:90.181.224.125 ip4:178.238.37.227 ~all

that's a total of 5 queries (mx + a + include + include + include). It seems that dmarcian.com also check the SPF records of the "included" records too:

• spf.smartemailing.cz at the moment resolves to

  v=spf1 ip4:193.19.178.128/27 ip4:193.19.178.159 ip4:193.19.178.162 ip4:37.46.82.0/28 ip4:130.193.9.208/28 ip4:130.193.12.56 ip4:193.19.178.96/27 ip4:37.46.82.240/28 ip4:45.76.88.183 ip4:45.77.53.19 ip4:104.207.131.63 include:spf1.smartemailing.cz ~all

  which has 1 more lookup (the include:spf1.smartemailing.cz)

• spf1.smartemailing.cz at the moment resolves to

  v=spf1 ip4:130.193.10.92 ip4:37.157.195.119 ip4:37.46.80.113 ip4:37.157.198.12 ip4:139.162.160.87 ip4:139.162.238.27 ip4:37.157.197.190 ip6:2a02:2b88:2:1::4a1d:1 ip6:2a02:2b88:2:1::4b41:1 ip6:2a03:b0c0:3:d0::f:b001 include:spf2.smartemailing.cz ~all

  which has 1 more lookup (the include:spf2.smartemailing.cz)

• spf2.smartemailing.cz at the moment resolves to

  v=spf1 ip4:109.123.217.128/25 ip4:83.167.240.128/25 ip4:46.234.109.128/25 ip4:45.63.116.226 ip4:45.76.87.101 ip4:45.76.88.107 ip4:46.101.167.208 ip4:37.46.82.160/27 ip4:37.46.80.136 include:spf3.smartemailing.cz ~all

  which has 1 more lookup (the include:spf3.smartemailing.cz)

• spf3.smartemailing.cz at the moment resolves to

  v=spf1 ip4:130.193.14.240/28 ip4:130.193.14.192/28 ip4:130.193.12.157 ip4:130.193.14.128/28 ip4:130.193.14.176/28 ip4:130.193.10.185 ~all

  no lookups here

• spf.mailkit.eu at the moment resolves to

  v=spf1 ip4:217.11.236.80/28 ip4:185.136.200.0/22 ~all

  no lookups here

• _spf.google.com at the moment resolves to

  v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all

  which has 3 more lookup (the include:...)

• _netblocks.google.com at the moment resolves to

  v=spf1 ip4:35.190.247.0/24 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all

  no lookups here

• _netblocks2.google.com at the moment resolves to

  v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all

  no lookups here

• _netblocks3.google.com at the moment resolves to

  v=spf1 ip4:172.217.0.0/19 ip4:172.217.32.0/20 ip4:172.217.128.0/19 ip4:172.217.160.0/20 ip4:172.217.192.0/19 ip4:172.253.56.0/21 ip4:172.253.112.0/20 ip4:108.177.96.0/19 ip4:35.191.0.0/16 ip4:130.211.0.0/22 ~all

  no lookups here

And that's a total of 11 lookups (the value reported by dmarcian).

[sdebarun]

So I have ran an recursion and it gives me the desired output like dmarcian. But I cannot return the final value as returning will stop the recusrsion. Please take a look in the code and it will be very much helpful if you can help me out. I made the recursion with lumen(micro framework of Laravel) by tinkering the core code (in SemanticValidator by adding return $count at line 85) and returning counts all the time of all the domains included in it. I have a bit success but did not achieve what I exactly wanted. I got the counts of the individual domains of the included domains too but failed to add them all and get a final sum to check if it is greater than 10 or not. Here is my lumen code of the controller.

public function validateSpf($domain){
            //$originalDomainSpfLookUpCount = [];
            $decoder = new \SPFLib\Decoder();
            $originalSpf = $decoder->getRecordFromDomain($domain);
            $record = (new \SPFLib\Decoder())->getRecordFromTXT($originalSpf);
            $issues = (new \SPFLib\SemanticValidator())->validate($record);
            $originalDomainSpfLookUpCount[] = isset($issues['totalCount']) ? $issues['totalCount'] : false ;
            // return $originalDomainSpfLookUpCount;
            //looking for how many included domains are there.

            $partsOfSpf = explode(' ', $originalSpf );
            $includeddomains = [];
            foreach($partsOfSpf as $key => $part){
                $includeddomains[] = str_replace('include:','',strstr($part,"include:"));
                $includeddomains = array_filter($includeddomains);
                // str_replace('inlcude:','');
            }
            //return $includeddomains;

            //running recursion
            if(count($includeddomains) > 0){
                foreach($includeddomains as $index => $include){
                    $this->validateSpf($include);
                }
            }

            echo "<pre>";
            print_r($originalDomainSpfLookUpCount[0]);
            echo "</pre>";
        }

        public function validatedOutput(Request $request){
            return $this->validateSpf($request->domain);
        }

[sdebarun]

Hi, I have done a fresh installation of the package. But Yet I am not getting the count as dmarcian.com. it still returns count 5 for kojenecke-obleceni.eu. Do I need to do something else? I am running this code

   $decoder = new \SPFLib\Decoder();
    $spf = $decoder->getRecordFromDomain('kojenecke-obleceni.eu');
    $record = (new \SPFLib\Decoder())->getRecordFromTXT($spf);
    $issues = (new \SPFLib\SemanticValidator())->validate($record);
    foreach ($issues as $issue) {
        echo (string) $issue, "\n";
    }

[mlocati]

You should use OnlineSemanticValidator instead of SemanticValidator - see the relevant README.md section.

In any case, I haven't published a new SPFLib version including it yet: keep an eye at the releases page. You can be notified for new releases via email by choosing the Watch → Releases only option you can find top right:

[mlocati]

I've just published version 3.1.0 with this new OnlineSemanticValidator class.