returns unknown for permfail records

dark-arc commented 6 years ago

I'm using pyspf to validate a list of domains include our servers in their SPF and it gives unknown instead of permerror for badly formed SPF records

I've seen this in the following instances:

too many includes (over 10)
multiple SPF records
too many void records
too many invalid policies (see example)

def check_spf(address, domain):
    """ Check a domain SPF record for the given IPs """
    chk = spf.check(i=address, s=domain, h=domain)
    if __name__ == '__main__':
        print("{}:{}".format(address, chk[0]))
    return chk[0]

check_spf("pyspf.clancs.co.uk", "10.10.10.10") // or any IP address,

I would expect the above to return permerror, not unknown... This doesn't make it unusable but is a confusing result as the RFC doesn't support an unknown result.

kitterma commented 6 years ago

You're using legacy (pre-RFC) API from pyspf version 1. Use check2 instead:

print spf.check(i='1.1.1.1', s='test@pyspf.clancs.co.uk', h='pyspf.clancs.co.uk') ('unknown', 550, 'SPF Permanent Error: No valid SPF record for included domain: spf.example.com: include:spf.example.com') print spf.check2(i='1.1.1.1', s='test@pyspf.clancs.co.uk', h='pyspf.clancs.co.uk') ('permerror', 'SPF Permanent Error: No valid SPF record for included domain: spf.example.com: include:spf.example.com')

kitterma commented 6 years ago

The docstrings for check and check2 should make this clear.

sdgathman / pyspf

returns unknown for permfail records #3