= SPF =

Is SPF a case of sour grapes? https://datatracker.ietf.org/doc/html/rfc7208

How many situations are there in which it can actually be used to filter out spam?

[[/leopalace21.com]]

SPF Record Testing Tools https://www.kitterman.com/spf/validate.html?

https://salt.iajapan.org/wpmu/anti_spam/admin/tech/explanation/spf/
 * DNS configuration problems (docomo.ne.jp 2021)
 * DNS lookup problems
 * Problems with the rejection method

SmartConnect Managed Server, writing the SPF record: https://support.mngsv.jp/mnl/set/n07/

== Relationship to SMTP ==
The domain sent in the MAIL FROM command is the domain used for the SPF record check.

It appears as the envelope From and in the Return-Path header.

https://dmarcian.com/spf-survey/ SPF Record Check

https://pypi.org/project/pyspf/#files

== spfquery ==
Several tools are available under this name.

One of them comes with netqmail+spf and had also been installed under /var/qmail/bin/.

That is probably the one to try. (Run standalone, the amazon-related check came out as pass.)
{{{
$ /var/qmail/bin/spfquery 54.240.25.4 amazon.co.jp amazon.co.jp
result=pass
Received-SPF: pass (localhost: SPF record at amazonses.com designates 54.240.25.4 as permitted sender)
}}}
The SPF errors under netqmail suggest that the problem may be timing-related. Investigating it is troublesome.

== SPF and forwarding ==
https://salt.iajapan.org/wpmu/anti_spam/admin/operation/suggestion/spf-sugg_a02/

== SPF record type ==
https://datatracker.ietf.org/doc/html/rfc7208

SPF Record Deprecated https://mxtoolbox.com/problem/spf/spf-record-deprecated
{{{
The use of alternative DNS RR types that was formerly supported during the
experimental phase of SPF was discontinued in 2014. SPF records must now only
be published as a DNS TXT (type 16) Resource Record (RR) [RFC1035].
See RFC 7208 for further detail on this change.
}}}
http://www.openspf.org/

https://www.uriports.com/tools

----
Among co.jp domains, I surveyed the 1436 domains whose NS records specify only names inside the domain itself.

350 of them had an SPF record. I will now look more closely at the contents of those SPF records. -- ToshinoriMaeno

||spf1\040mx\040-all|| 2||
||spf1\040mx\040~all|| 23||
||spf1\040+mx\040-all|| 4||
||spf1\040+mx\040~all|| 4||
||include:aspmx.googlemail.com || 19||
||include:_spf.google.com||10||
||-all|| 70||
||~all|| 275||
||?all||10||

-----

== rfc7208 ==
The number of DNS lookups as SPF counts them, and the limit on it.

4.6.4. DNS Lookup Limits
{{{
Some mechanisms and modifiers (collectively, "terms") cause DNS
queries at the time of evaluation, and some do not.  The following
terms cause DNS queries: the "include", "a", "mx", "ptr", and
"exists" mechanisms, and the "redirect" modifier.  SPF
implementations MUST limit the total number of those terms to 10
during SPF evaluation, to avoid unreasonable load on the DNS.  If
this limit is exceeded, the implementation MUST return "permerror".
The other terms -- the "all", "ip4", and "ip6" mechanisms, and the
"exp" modifier -- do not cause DNS queries at the time of SPF
evaluation (the "exp" modifier only causes a lookup at a later time),
and their use is not subject to this limit.
}}}
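
The counting rule quoted above can be checked offline before a record is published. The following is an added example, not code from this page or from pyspf: it walks `include` and `redirect` targets and counts the DNS-querying terms in the worst case (every term evaluated, no early match). The domain names and records in `ZONE` are constructed sample data, and `count_terms` and `check` are hypothetical helper names.

```python
import re

# Terms that RFC 7208 section 4.6.4 says cause DNS queries during evaluation.
QUERYING_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
LIMIT = 10

# Constructed sample records (not real domains), standing in for live TXT lookups.
ZONE = {
    "small.example": "v=spf1 mx include:_spf.small.example ip4:192.0.2.0/24 ~all",
    "_spf.small.example": "v=spf1 a exists:%{i}.rbl.small.example ip6:2001:db8::/32 -all",
    "big.example": "v=spf1 " + " ".join(f"include:s{i}.big.example" for i in range(11)) + " -all",
    "loop.example": "v=spf1 include:loop.example -all",
}
ZONE.update({f"s{i}.big.example": f"v=spf1 ip4:198.51.100.{i} -all" for i in range(11)})

# optional qualifier, term name, separator (":" or "/" mechanism, "=" modifier), argument
TERM = re.compile(r"^[+\-~?]?([A-Za-z][A-Za-z0-9_.-]*)([:=/]?)(.*)$")

class PermError(Exception):
    """Raised when more than LIMIT DNS-querying terms are reached."""

def count_terms(domain, zone, seen=0):
    """Worst-case count of DNS-querying terms reachable from domain's record."""
    record = zone.get(domain, "")
    if not record.lower().startswith("v=spf1"):
        return seen  # no SPF record in the sample data: nothing more to count
    for term in record.split()[1:]:
        m = TERM.match(term)
        name = m.group(1).lower() if m else ""
        if name not in QUERYING_TERMS:
            continue  # all, ip4, ip6, exp: not subject to the limit
        seen += 1
        if seen > LIMIT:  # this check also terminates include loops
            raise PermError(f"{domain}: more than {LIMIT} DNS-querying terms")
        if name in ("include", "redirect"):
            seen = count_terms(m.group(3), zone, seen)  # terms of the target count too
    return seen

def check(domain, zone=ZONE):
    """Return the term count, or "permerror" when the limit is exceeded."""
    try:
        return count_terms(domain, zone)
    except PermError:
        return "permerror"
```

A real evaluator stops at the first matching mechanism, so the number it actually reaches can be lower than this static count; a record that stays at or below 10 here stays within the limit for every sender address.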