←back to thread

Understanding SPF, DKIM, and DMARC: A Simple Guide

(github.com)
443 points miles | 1 comments | 17 Jun 24 17:35 UTC | HN request time: 0.205s | source
Show context
velcrovan ◴[17 Jun 24 20:48 UTC] No.40710875[source]
I manage IT at a mid-size business. At least once a month, I get asked to release some incoming email from quarantine that got sent there because the sender's SPF record is wrong or outdated and doesn't include all the email services they actually use. (What this really tells me is how many small businesses are out there running with no in-house IT expertise or support of any kind.)

I don't do whitelisting. Instead, I always reach out and offer to help the other party correct their SPF record.

It happens often enough that I wrote a script in Racket that will generate the email for me and paste it into the clipboard [1]. The email tells them exactly what they need to change, and links to docs from their current email provider (so they don't have to trust me about edits to their DNS).

[1]: https://gist.github.com/otherjoel/6b8bf02f6db6e0c47ba6bca72e...

replies(13): >>40710906 #>>40711407 #>>40711533 #>>40712450 #>>40712783 #>>40713178 #>>40714393 #>>40714418 #>>40715408 #>>40715983 #>>40716281 #>>40716467 #>>40716996 #
zelphirkalt ◴[18 Jun 24 11:26 UTC] No.40716467[source]
How do I make use of the gist?

I do

    (load "spf-fail.rkt")
But afterwards none of the definitions are available in the Racket REPL. Maybe I need to (require ...) something? I do not see a module definition, that I would need to import and

    (require spf-fail)
fails.
replies(1): >>40718052 #
1. velcrovan ◴[18 Jun 24 14:07 UTC] No.40718052[source]
If you’ve just run "racket" from the command line to get a REPL, you would use

    (require "spf-fail.rkt")
to import all the bindings from this file (assuming it's in the same folder you ran racket from). The “Module Basics” chapter of the Racket is a good quick explainer of how this stuff works in Racket: https://docs.racket-lang.org/guide/module-basics.html

Another method would be to open the file in DrRacket (or VSCode or Emacs or whatever editor you have set up with a Racket plugin/lang server) and just "run" it in the REPL.

There are comments at the top that explain how to use it once it's loaded:

    ;; Generate a form email to let someone know their SPF records are misconfigured for their current email provider.
    ;;
    ;; Run (fill-report "domain.com" "1.2.3.4") where the 2nd arg is the sending email server's IP address.
    ;; It will copy the completed report to the clipboard for you.
    ;;
    ;; Only works on Windows for now.
Personally, I have this file incorporated into a larger package (not published anywhere) for producing canned responses. With that package installed I can do this at a command prompt:

    raco canned spf domain.com 1.2.3.4