On December 10, 2021 4:32:50 AM UTC, raf <post...@raf.org> wrote:
>On Tue, Dec 07, 2021 at 07:55:54PM +0800, Piper H <pott...@gmail.com> wrote:
>
>> I sent an email from my t-online.de account to gmail.
>> Gmail shows SPF pass by best guessing:
>>
>> Received-SPF: pass (google.com: best guess record for domain of
>> x...@t-online.de designates 194.25.134.18 as permitted sender)
>> client-ip=194.25.134.18;
>>
>> And t-online.de has no SPF setup for which you can check from their domain.
>> So what's the best guess record by google?
>>
>> Thanks in advance.
>> Piper
>
>Just guessing of course, but it's probably the fact that
>the host name of 194.25.134.18 is mailout04.t-online.de
>whose parent domain (t-online.de) matches sender domain.
>They might also accept the sender domain's MX hosts, regardless
>of their domain name.
>
>cheers,
>raf

Pyspf still has the original best guess record hidden in the code from when it
was first written in 2004:

https://github.com/sdgathman/pyspf/blob/0858adb6cf529e696a42318b7938e0b9e8a86c1c/spf.py#L245

No one should be using this anymore, but some still do. It's relatively safe
to use for finding pass results, but should never be used in any negative way.
It's also, formally, not an SPF result because it's not part of the RFC
4408/7208 definition of SPF.

Pyspf is the only first generation SPF library that's still maintained, so it's
got some very old pre-IETF bits lying around still.

Scott K
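
The following is an added example, not part of the thread and not pyspf's own code: a minimal offline evaluator for a best-guess record, showing how a domain with no published SPF can still yield a pass. It assumes the record is `v=spf1 a/24 mx/24 ptr` (pyspf's historic default as the editor knows it; whether Gmail uses the same record is not known), and all DNS data and the `best_guess` helper are constructed for illustration.

```python
import ipaddress

# Assumed best-guess record (pyspf's historic default; not confirmed for Gmail).
BEST_GUESS = "v=spf1 a/24 mx/24 ptr"

# Constructed DNS data so the example runs offline.
DNS = {
    "A": {"example.org": ["192.0.2.10"],
          "mx1.example.org": ["198.51.100.25"],
          "mailout.example.org": ["203.0.113.7"],
          "mail.example.net": ["203.0.113.9"]},
    "MX": {"example.org": ["mx1.example.org"]},
    "PTR": {"203.0.113.7": ["mailout.example.org"],
            "203.0.113.9": ["mail.example.net"]},
}

def _in_net(ip, hosts, prefix):
    """True if ip falls in the /prefix network around any A record of hosts."""
    for host in hosts:
        for addr in DNS["A"].get(host, []):
            if ip in ipaddress.ip_network(f"{addr}/{prefix}", strict=False):
                return True
    return False

def _ptr_match(ip, domain):
    """Validated PTR: name resolves back to ip and is domain or a subdomain."""
    for name in DNS["PTR"].get(str(ip), []):
        confirmed = str(ip) in DNS["A"].get(name, [])
        if confirmed and (name == domain or name.endswith("." + domain)):
            return True
    return False

def best_guess(client_ip, sender_domain, record=BEST_GUESS):
    """Return (result, matching term). Only 'pass' carries information."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        mech, _, prefix = term.partition("/")
        prefix = int(prefix or 32)
        if mech == "a" and _in_net(ip, [sender_domain], prefix):
            return "pass", term
        if mech == "mx" and _in_net(ip, DNS["MX"].get(sender_domain, []), prefix):
            return "pass", term
        if mech == "ptr" and _ptr_match(ip, sender_domain):
            return "pass", term
    # No "all" term: falling off the end is neutral, never a failure signal.
    return "neutral", None

if __name__ == "__main__":
    for ip in ("192.0.2.200", "198.51.100.7", "203.0.113.7", "203.0.113.9"):
        print(ip, best_guess(ip, "example.org"))
```

The `203.0.113.7` case corresponds to the situation guessed at in the quoted reply: the client's reverse name sits under the sender domain, so the `ptr` term matches.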