Configuration: DNS record permissive SPF

Identifier: permisive_spf

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Permissive SPF records allow any server to send emails on behalf of your domain, potentially enabling email spoofing and phishing attacks.

How we test: We query DNS for the domain's SPF policy records and analyze their format to determine whether they are configured too permissively, that is, whether the policy allows unauthorized servers to send emails for the domain, which could enable email spoofing.
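To audit a record by hand, the following added example (not the scanner's own logic) parses an SPF TXT string per RFC 7208 and reports the constructs that make it permissive. The function name `audit_spf`, the prefix cut-offs and the sample records are assumptions made for illustration.

```python
import ipaddress

# Assumed cut-offs for an over-broad range; tune to your own sending estate.
MIN_PREFIX = {4: 16, 6: 32}

def audit_spf(record):
    """Return a list of permissiveness findings for one SPF TXT string."""
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    findings, terminated = [], False
    for term in terms[1:]:
        low = term.lower()
        if "=" in low.split(":", 1)[0]:           # modifier (redirect=, exp=, ...)
            terminated = terminated or low.startswith("redirect=")
            continue
        qualifier = low[0] if low[0] in "+-~?" else "+"   # "+" is the default
        mech = low.lstrip("+-~?")
        if mech == "all":
            terminated = True
            if qualifier == "+":
                findings.append("+all: every host is authorized")
            elif qualifier == "?":
                findings.append("?all: neutral result, nothing is rejected")
            break                                  # terms after "all" never run
        if qualifier == "+" and mech.startswith(("ip4:", "ip6:")):
            try:
                net = ipaddress.ip_network(mech[4:], strict=False)
            except ValueError:
                findings.append(f"{mech}: malformed network")
                continue
            if net.prefixlen < MIN_PREFIX[net.version]:
                findings.append(f"{mech}: range wider than /{MIN_PREFIX[net.version]}")
    if not terminated:
        findings.append("no all/redirect: unmatched senders get neutral")
    return findings

# Constructed sample records, not any real domain's policy.
SAMPLES = [
    "v=spf1 include:_spf.example.com -all",
    "v=spf1 mx all",
    "v=spf1 ip4:0.0.0.0/0 -all",
    "v=spf1 a mx",
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec, "->", audit_spf(rec) or "ok")
```

Feed it the TXT value returned by `dig +short TXT <domain>`; a bare `all` counts as `+all` because `+` is the default qualifier.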

Configuration

Example

Example configuration:

---
security_tests:
  permisive_spf:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.