Check if the include listed after include: could be a domainname, fai…

…l if the include looks like include:include:domain.ext
markvantilburg · Dec 18, 2024 · 829c471 · 829c471
1 parent fdb63f9
commit 829c471
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/BusinessMonitor.MailTools.Test/SpfTests.cs b/BusinessMonitor.MailTools.Test/SpfTests.cs
@@ -110,6 +110,7 @@ public void TestModifiers()
         [TestCase("")]
         [TestCase("v=spf1 -boop")]
         [TestCase("v=spf1 boop:boop")]
+        [TestCase("v=spf1 include:include:businessmonitor.nl")]
         public void TestInvalid(string value)
         {
             Assert.Throws<SpfInvalidException>(() =>

diff --git a/BusinessMonitor.MailTools/Spf/SpfCheck.cs b/BusinessMonitor.MailTools/Spf/SpfCheck.cs
@@ -1,6 +1,7 @@
 using BusinessMonitor.MailTools.Dns;
 using BusinessMonitor.MailTools.Exceptions;
 using System.Net;
+using System.Text.RegularExpressions;
 
 namespace BusinessMonitor.MailTools.Spf
 {
@@ -83,7 +84,7 @@ private SpfRecord GetRecord(string domain)
             {
                 throw new SpfInvalidException("Too many SPF records found on domain");
             }
-            
+
             // Parse and validate the record and return it
             var parsed = ParseSpfRecord(record);
 
@@ -238,6 +239,11 @@ private static SpfDirective ParseDirective(string qualifier, string mechanism, s
                 case SpfMechanism.Include:
                     directive.Include = value;
 
+                    if (Regex.Match(value, "^([a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}$").Length != 1)
+                    {
+                        throw new SpfInvalidException($"Include must be a domain name. The include value '{value}' fails");
+                    }
+
                     break;
 
                 case SpfMechanism.IP4: