Bug Report - SPF Check not RFC compliant
-
Hello,
I recently restructured SPF records and noticed that cloudrons chcek for a correct SPF record ist not rfc compliant.
It seems to me that the SPF check in the UI (Email -> Domains) fails to check any include statements in the SPF-TXT record for a domain. This leads to cloudron reporting an incorrect SPF record despite the SPF record being correct.
Cloudron is expecting something like
TXT in foo.com
v=spf1 a:bar.foo.com ~alland reports an error for
TXT in bar.com
v=spf1 include:_spf.foo.com ~allTXT in _spf.foo.com
v=spf1 a:bar.foo.com ~allDespite being a correct SPF record, with less than 10 recursive DNS Querries needed.
I totally understand why the webinterface "recommends" me to use the expected value, being easier to understand and more user friendly. Nevertheless I would expect cloudron to not report a correct (and working) SPF record as faulty.
For reference: https://datatracker.ietf.org/doc/html/rfc7208#section-4.6
-
Right, the check is simply hardcoded to check for a: entry in the SPF. To check all the possibilities would be quite complicated, since we will have to implement the full SPF spec just for diagnostics.
(What you see on the dashboard is just a diagnostic. The mail server Haraka has a fuller SPF implementation).
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login