id: spoofable-spf-records-ptr

info:
  name: Find spoofable SPF records containing the PTR mechanism
  author: binaryfigments
  severity: info
  description: Check if TXT records in DNS for SPF records that have the PTR mechanism that is spoofable.
  tags: dns,spf

dns:
  - name: "{{FQDN}}"
    type: TXT
    class: inet
    recursion: true
    retries: 3
    matchers:
      - type: word
        words:
          - "v=spf1"
          - " ptr "
        condition: and