IP validation in spf-validator seems to be stricter than RFC 7208 warrants. Example:
from spf_validator import validator
>>> validator.validate_spf_string('v=spf1 ip4:10.10.10.0/24 ip6:fd00::0/8 -all')
[]
>>> validator.validate_spf_string('v=spf1 ip4:10.10.10.1/24 ip6:fd00::1/8 -all')
['The IP 10.10.10.1/24 is not valid.', 'The IP fd00::1/8 is not valid.']The RFC instructs to compare the high-order bits, but does not seem to require the ip4/ip6 definition to be a canonical network base address.
A potential fix could be to set strict=False in ipaddress.ip_network() call in
.
IP validation in
spf-validatorseems to be stricter than RFC 7208 warrants. Example:The RFC instructs to compare the high-order bits, but does not seem to require the
ip4/ip6definition to be a canonical network base address.A potential fix could be to set
strict=Falseinipaddress.ip_network()call inspf-validator/src/spf_validator/validator.py
Line 110 in 9cd3053