id: spoofable-spf-records-ptr info: name: Spoofable SPF Records with PTR Mechanism author: binaryfigments severity: info description: SPF records in DNS containing a PTR mechanism are spoofable. reference: - https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability classification: cwe-id: CWE-200 metadata: max-request: 1 tags: dns,spf dns: - name: "{{FQDN}}" type: TXT matchers: - type: word words: - "v=spf1" - " ptr " condition: and # digest: 4a0a00473045022100dcb965b47233e3942f4879e832d145cc6ade3ddc990891e0ff365e8209a6aa8302201ecdb55e85d79a9c4e2d585fd8ce7b83e7549fb3bc257be05038e166b73ec1a6:922c64590222798bb761d5b6d8e72950