To assess the SPF Domains risk vector, we look for the presence of SPF records in the company’s primary domain, subdomains, and any domains that have sent or attempted to send email. These domains typically correspond to email servers.
Data to verify:
- SPF records should be implemented for all domains with a single record per domain.
- The records should be correctly formatted - free of empty redirects and without any improperly formatted or ineffective configurations.
Use the dig command to display the SPF record attached to the listed domain, assuming one has been implemented. Commands that require specific asset data from your finding to be inserted (variables) are indicated by bold text.
dig domain.com txt
Add +short to print only the record data (the TXT strings) instead of the full DNS response:
dig domain.com txt +short
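The two verification points above (exactly one SPF record per domain, and a record that is well formed with no empty redirect and no configuration that makes it ineffective) can be checked mechanically once the TXT answers are in hand. The following is an added example, not part of the original page: it parses the quoted strings in the shape `dig domain.com txt +short` prints them, keeps the `v=spf1` records, and reports findings per domain. The domains and TXT answers in SAMPLE_TXT are constructed for the example so that it runs offline; the `check_spf` rules are the editor's reading of the criteria above, not an official scoring definition.

```python
import re
from typing import Dict, List

# Constructed sample answers, one list per domain, in the form that
# `dig <domain> txt +short` prints them (quoted strings, one RR per line).
# None of these domains is real.
SAMPLE_TXT: Dict[str, List[str]] = {
    "good.example":       ['"v=spf1 include:_spf.mail.example -all"'],
    "dup.example":        ['"v=spf1 include:a.example -all"',
                           '"v=spf1 ip4:192.0.2.0/24 ~all"'],
    "emptyredir.example": ['"v=spf1 redirect="'],
    "noall.example":      ['"v=spf1 include:_spf.mail.example"'],
    "plusall.example":    ['"v=spf1 +all"'],
    "none.example":       ['"google-site-verification=constructed-token"'],
}

# SPF mechanisms (optionally qualified with + - ~ ?) and modifiers we accept as well formed.
MECHANISM_RE = re.compile(
    r'^[+\-~?]?(a|mx|ptr|ip4|ip6|include|exists)(:[^\s/]+)?(/\d{1,3})?$')
MODIFIER_RE = re.compile(r'^(redirect|exp)=\S+$')


def parse_dig_short(lines: List[str]) -> List[str]:
    """Unquote the TXT strings from +short output and return only the SPF records."""
    records = []
    for line in lines:
        # A TXT RR may be split into several quoted strings; dig prints them
        # on one line, and the record is their concatenation.
        parts = re.findall(r'"((?:[^"\\]|\\.)*)"', line)
        txt = "".join(parts)
        if txt.lower().startswith("v=spf1"):
            records.append(txt)
    return records


def check_spf(records: List[str]) -> List[str]:
    """Return a list of findings for one domain's SPF records; empty means OK."""
    findings: List[str] = []
    if not records:
        return ["no SPF record"]
    if len(records) > 1:
        # RFC 7208 requires exactly one record; receivers treat multiples as a permanent error.
        findings.append(f"{len(records)} SPF records (must be exactly one)")
    for rec in records:
        terms = rec.split()[1:]          # drop the v=spf1 version tag
        has_all = has_redirect = False
        for term in terms:
            t = term.lower()
            if t.startswith("redirect="):
                has_redirect = True
                if t == "redirect=":     # empty redirect: points nowhere
                    findings.append("empty redirect modifier")
            elif t.lstrip("+-~?") == "all":
                has_all = True
                if t in ("all", "+all"): # default qualifier is +, so bare 'all' passes everything
                    findings.append("+all permits any sender (ineffective)")
            elif not (MECHANISM_RE.match(t) or MODIFIER_RE.match(t)):
                findings.append(f"unrecognized or malformed term {term!r}")
        if not (has_all or has_redirect):
            # Without a terminal 'all' or a redirect the default result is neutral,
            # so unlisted senders are never rejected.
            findings.append("no 'all' mechanism or redirect (record never fails unlisted senders)")
    return findings


def audit_domains(answers: Dict[str, List[str]] = SAMPLE_TXT) -> Dict[str, List[str]]:
    """Map each domain to its SPF findings, given its raw +short TXT answers."""
    return {domain: check_spf(parse_dig_short(lines)) for domain, lines in answers.items()}


if __name__ == "__main__":
    for domain, findings in audit_domains().items():
        print(f"{domain}: {'OK' if not findings else '; '.join(findings)}")
```

To run it against live data, replace the SAMPLE_TXT lists with the output lines of `dig <domain> txt +short` for each domain in the finding; the parser only depends on dig's quoted-string format, not on the sample values.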