RFC 7208, "Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1", April 2014Source of RFC: spfbis (app)
Errata ID: 6216
Publication Format(s) : TEXT
Reported By: David Bürgin
Date Reported: 2020-06-26
Section A.4 says:
ptr._spf.example.com. SPF "v=spf1 -ptr +all"
It should say:
ptr._spf.example.com. TXT "v=spf1 -ptr:example.com +all"
The example in appendix A.4, 'Multiple Requirements Example', does not
work as intended.
In the example, the SPF record at ptr._spf.example.com contains the
When this directive is evaluated, the <target-name> is equal to
'ptr._spf.example.com'. An input <ip> such as 192.0.2.10, which has a
PTR record pointing to 'example.com', will fail to match, as that domain
is not equal to nor a subdomain of 'ptr._spf.example.com'. In other
words, given the DNS setup of appendix A, there are no inputs that
fulfil the requirement for matching this ptr mechanism.
The example can be fixed by supplying an appropriate <domain-spec>:
replace '-ptr' with '-ptr:example.com'.