MoinQ:

1. SPF

SPFは酸っぱいブドウなのか。https://datatracker.ietf.org/doc/html/rfc7208

/leopalace21.com

SPF Record Testing Tools https://www.kitterman.com/spf/validate.html?

https://salt.iajapan.org/wpmu/anti_spam/admin/tech/explanation/spf/

SmartConnect

spfレコードの記述 マネージドサーバ https://support.mngsv.jp/mnl/set/n07/

1.1. SMTPとの関係

MAIL FROMコマンドで送られるドメインがSPFレコードのチェックに使用されるドメイン

https://dmarcian.com/spf-survey/ SPF Record Check

https://pypi.org/project/pyspf/#files

1.2. spfquery

この名前で使えるツールがいくつかある。

$ /var/qmail/bin/spfquery 54.240.25.4 amazon.co.jp amazon.co.jp
result=pass
Received-SPF: pass (localhost: SPF record at amazonses.com designates 54.240.25.4 as permitted sender)

netqmailでのSPFエラーはタイミングからみの可能性を示している。調査は厄介だ。

1.3. SPF と転送

https://salt.iajapan.org/wpmu/anti_spam/admin/operation/suggestion/spf-sugg_a02/

1.4. SPF record type

https://datatracker.ietf.org/doc/html/rfc7208

The use of alternative DNS RR types that was formerly supported
 during the experimental phase of SPF was discontinued in 2014.
 SPF records must now only be published as a DNS TXT (type 16) Resource Record (RR) [RFC1035].
 See RFC 7208 for further detail on this change.

http://www.openspf.org/

https://www.uriports.com/tools


co.jp ドメインを対象に、NSレコードでドメイン内の名前だけを指定している1436のドメインを調査しました。

spfレコードの内容を精査してみます。 -- ToshinoriMaeno 2011-01-30 01:28:47

spf1\040mx\040-all

2

spf1\040mx\040~all

23

spf1\040+mx\040-all

4

spf1\040+mx\040~all

4

include:aspmx.googlemail.com

19

include:_spf.google.com

10

-all

70

~all

275

?all

10


/

1.5. rfc7208

SPF でいう DNS lookup 数と制限

4.6.4. DNS Lookup Limits

   Some mechanisms and modifiers (collectively, "terms") cause DNS
   queries at the time of evaluation, and some do not.

   The following terms cause DNS queries: the "include", "a", "mx", "ptr", and
   "exists" mechanisms, and the "redirect" modifier.

   SPF implementations MUST limit the total number of those terms to 10
   during SPF evaluation, to avoid unreasonable load on the DNS.
   If this limit is exceeded, the implementation MUST return "permerror".

   The other terms -- the "all", "ip4", and "ip6" mechanisms, and the
   "exp" modifier -- do not cause DNS queries at the time of SPF
   evaluation (the "exp" modifier only causes a lookup at a later time),
   and their use is not subject to this limit.

MoinQ: DNS/運用/SPF (last edited 2023-06-28 04:14:30 by ToshinoriMaeno)