0

In a tutorial I found this example record for SPF, but the a and include keywords weren't explained. I can't find accurate information about them on the internet.

v=spf1 mx a ptr ip4:46.16.60.0/23 a:cdmon.com include:srv.cat ~all
NeDark

2 Answers

1
  • "a" keyword: This adds the IP addresses which are the A- or AAAA-Record of the same Domain. See also the RFC on the "a" mechanism: https://www.rfc-editor.org/rfc/rfc7208#section-5.3

    This mechanism matches if <ip> is one of the <target-name>'s IP addresses. For clarity, this means the "a" mechanism also matches AAAA records.

  • include keyword: This includes the SPF record of the specified domain. The RFC says for this:

    The "include" mechanism triggers a recursive evaluation of check_host().

    1. The <domain-spec> is expanded as per Section 7.

    2. check_host() is evaluated with the resulting string as the <domain>. The <ip> and <sender> arguments remain the same as in the current evaluation of check_host().

    3. The recursive evaluation returns match, not-match, or an error.

    4. If it returns match, then the appropriate result for the "include" mechanism is used (e.g., include or +include produces a "pass" result and -include produces "fail").

    5. If it returns not-match or an error, the parent check_host() resumes processing as per the table below, with the previous value of <domain> restored.

    [...]

    The "include" mechanism makes it possible for one domain to designate multiple administratively independent domains. For example, a vanity domain "example.net" might send mail using the servers of administratively independent domains example.com and example.org.

sebix
1

Let me break it down, segment by segment:

  1. v=spf1: SPF version 1 (v=version)
  2. a: Originates from an email server (IP) that has a corresponding A record on the domain in question.
  3. ptr: This is deprecated, and should not be used - see https://www.rfc-editor.org/rfc/rfc7208#section-5.5
  4. ip4:46.16.60.0/23: originates from an email server within CIDR range specified.
  5. a:cdmon.com: originates from an email server (IP) that has a corresponding A record on the specified zone (cdmon.com).
  6. include:srv.cat: includes the SPF record from the specified zone/record.
  7. ~all: this instructs email servers to 'softfail' if SPF does not pass (a condition specified is not met)
Ashley Primo
  • How can you interpret srv.cat as zone/record? What other values are allowed here? – NeDark Jan 08 '21 at 08:52
  • The mail server will essentially do a DNS lookup for an SPF (TXT) record at the specified location, any FQDN with a corresponding SPF (TXT) record is valid. See RFC reference: https://tools.ietf.org/html/rfc7208#section-5.2 – Ashley Primo Jan 08 '21 at 10:14
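
An added example, not part of either answer or of any SPF library: a small check_host() evaluator for the mechanisms in the question's record, run against constructed DNS data (the names example.test, relay.test, broken.test and the documentation address ranges are assumptions). It shows the point from the quoted RFC steps that a -all inside an included record only yields not-match, so the outer record keeps evaluating.

```python
import ipaddress

# Constructed DNS data under reserved names and documentation ranges; not real records.
TXT = {
    "example.test": "v=spf1 mx a ptr ip4:198.51.100.0/24 a:web.example.test include:relay.test ~all",
    "relay.test": "v=spf1 ip4:203.0.113.0/24 -all",
    "broken.test": "v=spf1 include:missing.test -all",
}
ADDR = {"example.test": ["192.0.2.10"], "mail.example.test": ["192.0.2.30"],
        "web.example.test": ["192.0.2.20", "2001:db8::20"]}  # A and AAAA answers
MX = {"example.test": ["mail.example.test"]}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def host_has(name, addr):
    return any(ipaddress.ip_address(a) == addr for a in ADDR.get(name, []))


def check_host(ip, domain, depth=0):
    """Evaluate domain's SPF record for client ip, left to right; first match wins."""
    record = TXT.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # simplification of RFC 7208's limit of 10 DNS-querying terms
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIER else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":  # A or AAAA of arg, or of the current domain if no arg
            matched = host_has(arg or domain, addr)
        elif mech == "mx":
            matched = any(host_has(h, addr) for h in MX.get(arg or domain, []))
        elif mech == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner in ("none", "permerror"):  # RFC 7208 section 5.2 result table
                return "permerror"
            matched = inner == "pass"  # fail/softfail/neutral inside = not-match here
        elif mech == "ptr":
            matched = False  # deprecated; treated as no match here
        else:
            return "permerror"  # unknown mechanism (modifiers/macros not handled)
        if matched:
            return QUALIFIER[qualifier]
    return "neutral"
```

An include that points at a name with no SPF record is a permanent error rather than a silent skip, which is why broken.test evaluates to permerror.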