RFC 7208, "Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1", April 2014

Note: This RFC has been updated by RFC 7372, RFC 8553, RFC 8616

Errata ID: 6216
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: David Bürgin
Date Reported: 2020-06-26

Section A.4 says:

ptr._spf.example.com.  SPF  "v=spf1 -ptr +all"

It should say:

ptr._spf.example.com.  TXT  "v=spf1 -ptr:example.com +all"

Notes:

The example in appendix A.4, 'Multiple Requirements Example', does not
work as intended.

In the example, the SPF record at ptr._spf.example.com contains the
directive '-ptr'.

When this directive is evaluated, the <target-name> is equal to
'ptr._spf.example.com'. An input <ip> such as 192.0.2.10, which has a
PTR record pointing to 'example.com', will fail to match, as that domain
is not equal to nor a subdomain of 'ptr._spf.example.com'. In other
words, given the DNS setup of appendix A, there are no inputs that
fulfil the requirement for matching this ptr mechanism.

The example can be fixed by supplying an appropriate <domain-spec>:
replace '-ptr' with '-ptr:example.com'.

Report New Errata