1.18. spf

This module provides functionality for checking published Sender Policy Framework (SPF) records. SPF is defined in RFC 7208.

1.18.1. Data

DEFAULT_DNS_TIMEOUT = 10[source]

The default number of seconds to wait for a query response from the DNS server.

MACRO_REGEX[source]

A regular expression which matches SPF record macros.

MAX_QUERIES = 10[source]

The maximum number of DNS queries allowed to take place during evaluation as defined within section 4.6.4 of RFC 7208.

MAX_QUERIES_VOID = inf[source]

The maximum number of DNS queries allowed to either return with rcode 0 and no answers or rcode 3 (Name Error) as defined within section 4.6.4 of RFC 7208.

QUALIFIERS[source]

A dict object keyed with the qualifier symbols to their readable values.

1.18.2. Functions

check_host(ip, domain, sender=None, timeout=10)[source]

Analyze the Sender Policy Framework of a domain by creating a SenderPolicyFramework instance and returning the result of SenderPolicyFramework.check_host().

Parameters:
  • ip (str, ipaddress.IPv4Address, ipaddress.IPv6Address) – The IP address of the host sending the message.
  • domain (str) – The domain to check the SPF policy of.
  • sender (str) – The “MAIL FROM” identity of the message being sent.
  • timeout (int) – The timeout for DNS queries.
Returns:

The result of the SPF policy if one can be found or None.
Return type:

None, str
validate_record(ip, domain, sender=None)[source]

Check if an SPF record exists for the domain and can be parsed by this module.

Returns:Whether the record exists and is parsable or not.
Return type:bool

1.18.3. Classes

class SenderPolicyFramework(ip, domain, sender=None, timeout=10)[source]

Analyze the Sender Policy Framework configuration for a domain to determine if an IP address is authorized to send messages on it’s behalf. The exp modifier defined in section 6.2 of the RFC is not supported.

__init__(ip, domain, sender=None, timeout=10)[source]
Parameters:
  • ip (str, ipaddress.IPv4Address, ipaddress.IPv6Address) – The IP address of the host sending the message.
  • domain (str) – The domain to check the SPF policy of.
  • sender (str) – The “MAIL FROM” identity of the message being sent.
  • timeout (int) – The timeout for DNS queries.
check_host()[source]

Check the SPF policy described by the object. The string representing the matched policy is returned if an SPF policy exists, otherwise None will be returned if no policy is defined.

Returns:The result of the SPF policy described by the object.
Return type:None, str
expand_macros(value, ip, domain, sender)[source]

Expand a string based on the macros it contains as specified by section 7 of RFC 7208.

Parameters:
  • value (str) – The string containing macros to expand.
  • ip (str, ipaddress.IPv4Address, ipaddress.IPv6Address) – The IP address to use when expanding macros.
  • domain (str) – The domain name to use when expanding macros.
  • sender (str) – The email address of the sender to use when expanding macros.
Returns:

The string with the interpreted macros replaced within it.
Return type:

str
match[source]
matches = None[source]

A list of SPFMatch instances showing the path traversed to identify a matching directive. Multiple entries in this list are present when include directives are used and a match is found within the body of one. The list is ordered from the top level domain to the matching record.

records = None[source]

A collections.OrderedDict of all the SPF records that were resolved. This would be any records resolved due to an “include” directive in addition to the top level domain.

timeout = None[source]

The human readable policy result, one of the SPFResult constants`.

class SPFDirective(mechanism, qualifier, rvalue=None)[source]

A class representing a single directive within a sender policy framework record.

__init__(mechanism, qualifier, rvalue=None)[source]
Parameters:
  • mechanism (str) – The SPF mechanism that this directive uses.
  • qualifier (str) – The qualifier value of the directive in it’s single character format.
  • rvalue (str) – The optional rvalue for directives which use them.
class SPFMatch(record, directive)[source]

A simple container to associate a matched directive with it’s record.

__init__[source]

Initialize self. See help(type(self)) for accurate signature.

class SPFRecord(directives, domain=None)[source]

A class representing a parsed Sender Policy Framework record with all of its directives.

__init__(directives, domain=None)[source]
Parameters:
  • directives (list) – A list of SPFDirective instances.
  • domain (str) – The domain with which this record is associated with.

1.18.4. Exceptions

exception SPFError(message)[source]

Bases: Exception

Base exception for errors raised by this module.

exception SPFTempError(message)[source]

Bases: king_phisher.spf.SPFError

Exception indicating that the verification process encountered a transient (generally DNS) error while performing the check. Described in section 2.6.6 of RFC 7208.

exception SPFTimeOutError(message)[source]

Bases: king_phisher.spf.SPFTempError

Exception indicating that a timeout occurred while querying the DNS server. This is normally caused when the client can’t communicate with the DNS server.

exception SPFParseError(message)[source]

Bases: king_phisher.spf.SPFPermError

Exception indicating that the domains published records could not be correctly parsed.

exception SPFPermError(message)[source]

Bases: king_phisher.spf.SPFError

Exception indicating that the domains published records could not be correctly interpreted. Described in section 2.6.7 of RFC 7208.