SPFQUERY(1) | User Contributed Perl Documentation | SPFQUERY(1) |
spfquery - (Mail::SPF) - Checks if a given set of e-mail parameters matches a domain's SPF policy
2.501
spfquery [--versions|-v 1|2|1,2] [--scope|-s helo|mfrom|pra] --file|-f filename|- [OPTIONS]
spfquery --mfrom mfrom-identity --ip-address|--ip ip-address [--helo helo-identity] [OPTIONS]
spfquery --pra pra-identity --ip-address|--ip ip-address [OPTIONS]
spfquery --help
spfquery checks if a given set of e-mail parameters (e.g., the SMTP sender's IP address) matches the responsible domain's Sender Policy Framework (SPF) policy. For more information on SPF see <http://www.openspf.org>.
The following usage forms are preferred over the legacy forms used by older spfquery versions:
The --identity form checks if the given ip-address is an authorized SMTP sender for the given "helo" hostname, "mfrom" envelope sender e-mail address, or "pra" (so-called purported resonsible address) e-mail address, depending on the value of the --scope option (which defaults to mfrom if omitted).
The --file form reads "ip-address identity [helo-identity]" tuples from the file with the specified filename, or from standard input if filename is -, and checks them against the specified scope (mfrom by default).
Both forms support an optional --versions option, which specifies a comma-separated list of the SPF version numbers of SPF records that may be used. 1 means that "v=spf1" records should be used. 2 means that "spf2.0" records should be used. Defaults to 1,2, i.e., uses any SPF records that are available. Records of a higher version are preferred.
spfquery versions before 2.500 featured the following usage forms, which are discouraged but still supported for backwards compatibility:
The --helo form checks if the given ip-address is an authorized SMTP sender for the "HELO" hostname given as the identity (so-called "HELO" check).
The --mfrom form checks if the given ip-address is an authorized SMTP sender for the envelope sender email-address (or domain) given as the identity (so-called "MAIL FROM" check). If a domain is given instead of an e-mail address, "postmaster" will be substituted for the localpart.
The --pra form checks if the given ip-address is an authorized SMTP sender for the PRA (Purported Responsible Address) e-mail address given as the identity.
The --version form prints version information of spfquery. The --help form prints usage information for spfquery.
The preferred and legacy forms optionally take any of the following OPTIONS:
Several options that were supported by earlier versions of spfquery are considered black magic (i.e. potentially dangerous for the innocent user) and are thus disabled by default. If the Mail::SPF::BlackMagic Perl module is installed, they may be enabled by specifying --enable-black-magic.
--override example.org='v=spf1 -all' --override '*.example.net'='v=spf1 a mx -all' --fallback example.com='v=spf1 -all'
Result | Exit code -----------+----------- pass | 0 fail | 1 softfail | 2 neutral | 3 permerror | 4 temperror | 5 none | 6
spfquery --scope mfrom --id user@example.com --ip 1.2.3.4 spfquery --file test_data echo "127.0.0.1 user@example.com helohost.example.com" | spfquery -f -
spfquery has undergone the following interface changes compared to earlier versions:
Deprecated options | Preferred options ---------------------+----------------------------- --sender, -s | --mfrom --ipv4, -i | --ip-address, --ip --name | --hostname --max-lookup-count, | --max-dns-interactive-terms --max-lookup | --rcpt-to, -r | --authorize-mxes-for --trusted | --tfwl
Mail::SPF, spfd(8)
<http://tools.ietf.org/html/rfc4408>
This version of spfquery is a complete rewrite by Julian Mehnle <julian@mehnle.net>, based on an earlier version written by Meng Weng Wong <mengwong+spf@pobox.com> and Wayne Schlitt <wayne@schlitt.net>.
2023-05-20 | perl v5.34.0 |