An SPF record should always be terminated by a closing "all" or "redirect" mechanism

mlocati / spf-lib

PHP library to parse, build and validate SPF (Sender Policy Framework) DNS records

MIT License

54 stars 6 forks source link

An SPF record should always be terminated by a closing "all" or "redirect" mechanism #28

Open Pascal76 opened 1 year ago

Pascal76 commented 1 year ago

\SPFLib\OnlineSemanticValidator should raise an error or warning for such content: v=spf1 ip4:185.132.182.57 from spf-0016fe01.pphosted.com (from nl-it.privalia.com)

mlocati commented 1 year ago

The RFC doesn't declare that an SPF record must be terminated with "all" or with "redirect".

Here's what it says:

If none of the mechanisms match and there is no "redirect" modifier, then the check_host() returns a result of "neutral", just as if "?all" were specified as the last directive.

Pascal76 commented 1 year ago

That is the error I got here: https://dnschecker.org/spf-record-validation.php

mlocati commented 1 year ago

This library has been written by following the rules specified in RFC 7208; I don't think I'm not going to update the library to reflect what other services do, in particular if they don't follow the RFC,

Pascal76 commented 1 year ago

maybe just a warning / notice (not an error) , saying the rule is not enforced ?