Get-SPFRecord fails on multiple line returned

[ChrisOD-AD]

I have a minor change to Get-SPFRecord that fixes the behaviour if a zone has a LONG SPF record.

Changes:

    $SPF = $SPF -join ""
    $spfCnt = ([regex]::Matches($SPF, "v=spf1" )).count
    if ($SPF -eq $null) {
        $SpfAdvisory = "Domain does not have an SPF record. To prevent abuse of this domain, please add an SPF record to it."
    }
    if($spfCnt -gt 1) {
        $SpfAdvisory = "Domain has more than one SPF-record. One SPF record for one domain. This is explicitly defined in RFC4408"
    }
    Else {
        switch -Regex ($SPF) {
            '~all' {
                $SpfAdvisory = "An SPF-record is configured but the policy is not sufficiently strict."
            }
            '-all' {
                $SpfAdvisory = "An SPF-record is configured and the policy is sufficiently strict."
            }
            "\?all" {
                $SpfAdvisory = "Your domain has a valid SPF record but your policy is not effective enough."
            }
            '\+all' {
                $SpfAdvisory = "Your domain has a valid SPF record but your policy is not effective enough."
            }
            Default {
                $SpfAdvisory = "No qualifier found. Your domain has a SPF record but your policy is not effective enough."
            }
        }
    }

[T13nn3s]

Hi ChrisOD-AD,
Do you have a specific example so that I can validate the current behavior and the behavior after the change?

[ChrisOD-AD]

Sure, look at hcf.com.au Chris On 31 May 2022 05:55, T13nn3s ***@***.***> wrote: Hi ChrisOD-AD, Do you have a specific example so that I can validate the current behavior and the behavior after the change? — Reply to this email directly, view it on GitHub<#21 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AROPX46LUMW6GIR3HYKSY2LVMT6J7ANCNFSM5WXLD5KQ>. You are receiving this because you authored the thread.Message ID: ***@***.***> Confidentiality Note: This email and any accompanying documents are confidential, may be privileged and are intended only for the use of the intended recipient. If you are not the intended recipient, any use, dissemination, forwarding, printing or copying of this email and any accompanying documents is strictly prohibited. Please let the sender know immediately if you have received this by mistake and delete it immediately. Confidentiality Note: This email and any accompanying documents are confidential, may be privileged and are intended only for the use of the intended recipient. If you are not the intended recipient, any use, dissemination, forwarding, printing or copying of this email and any accompanying documents is strictly prohibited. Please let the sender know immediately if you have received this by mistake and delete it immediately.

[T13nn3s]

Thanks. I can confirm that the output of the script does not reflect the reality of the SPF record. I now see it as a bug in the script and am doing some further research. The SPF record is indeed very long and also contains errors (too many DNS lookups).

Your suggested change doesn't seem to be the solution yet. I need to look into this further.

[ChrisOD-AD]

Yes, HCF has a terrible SPF. Which TBF was why I remembered it. I'll email you later with some others that have valid sofa, but split reply. Chris On 31 May 2022 07:55, T13nn3s ***@***.***> wrote: Thanks. I can confirm that the output of the script does not reflect the reality of the SPF record. I now see it as a bug in the script and am doing some further research. The SPF record is indeed very long and also contains errors (too many DNS lookups). Your suggested change doesn't seem to be the solution yet. I need to look into this further. — Reply to this email directly, view it on GitHub<#21 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AROPX43UYJHIYB2FOWCWSGDVMUMLHANCNFSM5WXLD5KQ>. You are receiving this because you authored the thread.Message ID: ***@***.***> Confidentiality Note: This email and any accompanying documents are confidential, may be privileged and are intended only for the use of the intended recipient. If you are not the intended recipient, any use, dissemination, forwarding, printing or copying of this email and any accompanying documents is strictly prohibited. Please let the sender know immediately if you have received this by mistake and delete it immediately. Confidentiality Note: This email and any accompanying documents are confidential, may be privileged and are intended only for the use of the intended recipient. If you are not the intended recipient, any use, dissemination, forwarding, printing or copying of this email and any accompanying documents is strictly prohibited. Please let the sender know immediately if you have received this by mistake and delete it immediately.

[ChrisOD-AD]

Here is some domains from our tenants that have long SPFs (i.e.: return an [array] in $SPF) lifemark.ca hcf.com.au myhomecare.com.au vivir.com.au rsllifecare.org.au From: T13nn3s ***@***.***> Sent: Tuesday, 31 May 2022 7:56 am To: T13nn3s/Invoke-SpfDkimDmarc ***@***.***> Cc: Chris O'Donoghue ***@***.***>; Author ***@***.***> Subject: Re: [T13nn3s/Invoke-SpfDkimDmarc] Get-SPFRecord fails on multiple line returned (Issue #21) Thanks. I can confirm that the output of the script does not reflect the reality of the SPF record. I now see it as a bug in the script and am doing some further research. The SPF record is indeed very long and also contains errors (too many DNS lookups). Your suggested change doesn't seem to be the solution yet. I need to look into this further. — Reply to this email directly, view it on GitHub<#21 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AROPX43UYJHIYB2FOWCWSGDVMUMLHANCNFSM5WXLD5KQ>. You are receiving this because you authored the thread.Message ID: ***@***.******@***.***>> Confidentiality Note: This email and any accompanying documents are confidential, may be privileged and are intended only for the use of the intended recipient. If you are not the intended recipient, any use, dissemination, forwarding, printing or copying of this email and any accompanying documents is strictly prohibited. Please let the sender know immediately if you have received this by mistake and delete it immediately. Confidentiality Note: This email and any accompanying documents are confidential, may be privileged and are intended only for the use of the intended recipient. If you are not the intended recipient, any use, dissemination, forwarding, printing or copying of this email and any accompanying documents is strictly prohibited. Please let the sender know immediately if you have received this by mistake and delete it immediately.

[T13nn3s]

@ChrisOD-AD,

I have tried to solve this 'problem' in the script, but am so far unsuccessful in doing so.

An SPF record may contain a maximum of 255 characters. Go over this limit, the SPF record is returned to the script as an array. Furthermore, an SPF record above 255 characters may not be validated correctly, which may result in an incorrect check and then the SPF record no longer functions properly.

My advice is to split your SPF records into multiple TXT records and then create 1 SPF record into which you include the other records.

So far, I can't get this fixed neatly in the script and I'll leave it as it is for now.

[ChrisOD-AD]

Thanks for looking at it still think your module is the best out there. Cheers Chris On 3 Nov 2022 07:54, T13nn3s ***@***.***> wrote: @ChrisOD-AD<https://github.com/ChrisOD-AD>, I have tried to solve this 'problem' in the script, but am so far unsuccessful in doing so. An SPF record may contain a maximum of 255 characters. Go over this limit, the SPF record is returned to the script as an array. Furthermore, an SPF record above 255 characters may not be validated correctly, which may result in an incorrect check and then the SPF record no longer functions properly. My advice is to split your SPF records into multiple TXT records and then create 1 SPF record into which you include the other records. So far, I can't get this fixed neatly in the script and I'll leave it as it is for now. — Reply to this email directly, view it on GitHub<#21 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AROPX475JJ3JWDCRIF7C4XTWGK2HTANCNFSM5WXLD5KQ>. You are receiving this because you were mentioned.Message ID: ***@***.***> Confidentiality Note: This email and any accompanying documents are confidential, may be privileged and are intended only for the use of the intended recipient. If you are not the intended recipient, any use, dissemination, forwarding, printing or copying of this email and any accompanying documents is strictly prohibited. Please let the sender know immediately if you have received this by mistake and delete it immediately. Confidentiality Note: This email and any accompanying documents are confidential, may be privileged and are intended only for the use of the intended recipient. If you are not the intended recipient, any use, dissemination, forwarding, printing or copying of this email and any accompanying documents is strictly prohibited. Please let the sender know immediately if you have received this by mistake and delete it immediately.