Would something along the lines of this work as a quick rule until a fully fledged plugin comes around?
askdns __LOC_SPF_ALL _SENDERDOMAIN_ TXT /v=spf1.+\+all/ askdns __LOC_SPF_NONE _SENDERDOMAIN_ TXT /v=spf1.+\-all/ askdns __LOC_SPF_LARGESUB _SENDERDOMAIN_ TXT /^v=spf(.+\/[1-6]\s)/ I can't seem to get these rules to fire on test emails? Example domain of merchantaccount-quotes.co.uk Paul On 15/08/14 18:50, David F. Skoll wrote: On Fri, 15 Aug 2014 10:39:03 -0700 (PDT) John Hardin <jhar...@impsec.org><mailto:jhar...@impsec.org> wrote: On Fri, 15 Aug 2014, David F. Skoll wrote: SPF is so easy ("v=spf1 +all") Doing *that* should be worth a point or two by itself. Yes. I even through about implementing it, but there are so many ways to achieve this: v=spf1 +all v=spf1 ip4:128.0.0.0/1 ip4:0.0.0.0/1 v=spf1 exists:openspf.org ... etc... that we really need an SPF normalizing library that tells you what percentage of IPv4 space would pass, and then add points for anyone claiming (say) that more than 1% of total IPv4 space is OK. (Though the exists: mechanism is nasty; not sure you even can predict what percentage of IPv4 is covered in complex cases.) Regards, David. -- Paul Stead Systems Engineer Zen Internet
