Set up SPF records to prevent spoofing #158
In check-ORCA235.ps1 the code is checking for an "Uncommon" redirect only. I think the problem is that if you exceed the TXT record length of 255 chars, then the actual record is returned as an array! ....
```powershell
# Check objects
$ConfigObject = [ORCACheckConfig]::new()
$ConfigObject.Object = $($AcceptedDomain.Name)
$SPF = Resolve-DnsName -Name $($AcceptedDomain.Name) -Type TXT @SplatParameters | Where-Object { $_.Strings -match "v=spf1" } | Select-Object -ExpandProperty Strings -ErrorAction SilentlyContinue
if ($SPF -match "redirect") {
    $redirect = $SPF.Split(" ")
    $RedirectName = $redirect -match "redirect" -replace "redirect="
    $SPF = Resolve-DnsName -Name "$RedirectName" -Type TXT @SplatParameters | Where-Object { $_.Strings -match "v=spf1" } | Select-Object -ExpandProperty Strings -ErrorAction SilentlyContinue
}
#BEGIN NEW CODE HERE
Else {
    if ($SPF -is [array]) {
        # SPF record is over 255 chars: -ExpandProperty Strings returned one string per
        # chunk, so join the chunks back into a single record before the test below
        $FlatSPF = $Null
        ForEach ($SPFRecord in $SPF) {
            $FlatSPF = $FlatSPF + $SPFRecord
        }
        # only overwrite $SPF when it was actually flattened; doing this outside the
        # if would replace a single-string record with $Null ("No SPF record")
        $SPF = $FlatSPF
    }
}
#END OF NEW CODE
$SpfAdvisory = "No SPF record"
if ($null -eq $SPF) {
    $SpfAdvisory = "No SPF record"
}
if ($SPF -is [array]) {
    $SpfAdvisory = "More than one SPF-record"
}
Else {
    switch -Regex ($SPF) {
        '~all' {
            $SpfAdvisory = "Soft Fail"
        }
        '-all' {
            $SpfAdvisory = "Hard Fail"
        }
        Default {
            $SpfAdvisory = "No qualifier found"
        }
    }
}
```
....
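The behaviour described in the post, as an added example that is not ORCA's code and not the snippet above: a classifier that produces the same advisories (No SPF record, More than one SPF-record, Soft Fail, Hard Fail, No qualifier found) but joins each TXT record's `Strings` chunks back together before counting records, so a record longer than 255 characters is not mistaken for several. The `$TxtRecords` hashtable and the `Get-SpfAdvisory` function name are assumptions standing in for `Resolve-DnsName -Type TXT`, and every domain and record in `$sample` is constructed for the example (the long record is shortened; a real resolver splits at 255 bytes).

```powershell
# Added example (not ORCA's code). $TxtRecords stands in for Resolve-DnsName -Type TXT:
# domain -> array of objects with a Strings property, as the cmdlet returns them.
function Get-SpfAdvisory {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][hashtable]$TxtRecords,
        [int]$MaxRedirects = 5
    )

    $current = $Domain
    for ($hop = 0; $hop -le $MaxRedirects; $hop++) {
        $records = if ($TxtRecords.ContainsKey($current)) { @($TxtRecords[$current]) } else { @() }

        # Join the <=255-char chunks of each record individually (no separator), then keep
        # only SPF records. Joining per record keeps a genuine second SPF record distinct.
        $spfRecords = @(
            foreach ($record in $records) {
                $joined = -join @($record.Strings)
                if ($joined -match '^v=spf1(\s|$)') { $joined }
            }
        )

        if ($spfRecords.Count -eq 0) {
            return [pscustomobject]@{ Domain = $current; Record = $null; Advisory = 'No SPF record' }
        }
        if ($spfRecords.Count -gt 1) {
            # Two real v=spf1 records is a misconfiguration (RFC 7208 treats it as permerror)
            return [pscustomobject]@{ Domain = $current; Record = $spfRecords; Advisory = 'More than one SPF-record' }
        }
        $spf = $spfRecords[0]

        # A redirect= modifier only takes effect when the record has no "all" mechanism of its own
        if ($spf -notmatch '(^|\s)[-~+?]?all(\s|$)' -and $spf -match '(^|\s)redirect=(\S+)') {
            $current = $Matches[2]
            continue
        }

        $advisory = switch -Regex ($spf) {
            '(^|\s)-all(\s|$)' { 'Hard Fail'; break }
            '(^|\s)~all(\s|$)' { 'Soft Fail'; break }
            Default            { 'No qualifier found' }
        }
        return [pscustomobject]@{ Domain = $current; Record = $spf; Advisory = $advisory }
    }
    return [pscustomobject]@{ Domain = $current; Record = $null; Advisory = 'Too many redirects' }
}

# Constructed resolver data. 'long.example' mimics a record over 255 characters, which a
# resolver hands back as two strings that must be concatenated without a separator.
$sample = @{
    'long.example'     = @([pscustomobject]@{ Strings = @('v=spf1 ip4:192.0.2.0/24 include:_spf.example.net include:_spf.example.org ', 'include:relay.example -all') })
    'redirect.example' = @([pscustomobject]@{ Strings = @('v=spf1 redirect=long.example') })
    'soft.example'     = @([pscustomobject]@{ Strings = @('v=spf1 a mx ~all') })
    'dual.example'     = @([pscustomobject]@{ Strings = @('v=spf1 -all') }, [pscustomobject]@{ Strings = @('v=spf1 include:other.example ~all') })
    'nospf.example'    = @([pscustomobject]@{ Strings = @('site-verification=placeholder') })
}

foreach ($d in 'long.example', 'redirect.example', 'soft.example', 'dual.example', 'nospf.example', 'missing.example') {
    Get-SpfAdvisory -Domain $d -TxtRecords $sample | Select-Object Domain, Advisory
}
```

Run as written it reports Hard Fail for long.example and (after following the redirect) for redirect.example, Soft Fail for soft.example, More than one SPF-record for dual.example, and No SPF record for nospf.example and missing.example. The difference from the snippet in the post is where the join happens: the snippet concatenates everything `-ExpandProperty Strings` returned, which also merges two separate SPF records into one, whereas joining per record only repairs the chunking and leaves the duplicate-record check meaningful.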
Putting in vnext bucket where I'll put a bit of focus on the sender auth checks; it won't make 2.3 because I need to get it out the door to fix some big issues.
I'd rather do this one properly, and that's slightly more complicated than I thought. I'm going to push this to 2.8 so I can get a bunch of low-hanging fruit out in 2.7.
Hello,
Our report is showing 5 subdomains with "Is Hardfail" set to "Not Detected". I've confirmed using Kitterman that they are all set with v=spf1 -all.
I should also mention these 5 domains are not messaging domains.
Regards,
Anne