public/Get-SPFRecord.ps1

<#>
.HelpInfoURI 'https://github.com/T13nn3s/Show-SpfDkimDmarc/blob/main/public/CmdletHelp/Get-SPFRecord.md'
#>

function Get-SPFRecord {
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $True,
            ValueFromPipeline = $True,
            ValueFromPipelineByPropertyName = $True,
            HelpMessage = "Enter one or more domain names to resolve their SPF records."
        )][string[]]$Name,

        [Parameter(Mandatory = $false,
            HelpMessage = "DNS Server to use.")]
        [string]$Server
    )

    begin {

        Write-Verbose "Starting $($MyInvocation.MyCommand)"
        $PSBoundParameters | Out-String | Write-Verbose

        if ($PSBoundParameters.ContainsKey('Server')) {
            $SplatParameters = @{
                'Server'      = $Server
                'ErrorAction' = 'SilentlyContinue'
            }
        }
        Else {
            $SplatParameters = @{
                'ErrorAction' = 'SilentlyContinue'
            }
        }

        $SpfObject = New-Object System.Collections.Generic.List[System.Object]
    }

    Process {
        foreach ($domain in $Name) {

            # Get SPF record from specified domain
            $SPF = Resolve-DnsName -Name $domain -Type TXT @SplatParameters | where-object { $_.strings -match "v=spf1" } | Select-Object -ExpandProperty strings -ErrorAction SilentlyContinue
            
            # Checks for SPF redirect and follow the redirect
            if ($SPF -match "redirect") {
                $redirect = $SPF.Split(" ")
                $RedirectName = $redirect -match "redirect" -replace "redirect="
                $SPF = Resolve-DnsName -Name "$RedirectName" -Type TXT @SplatParameters | where-object { $_.strings -match "v=spf1" } | Select-Object -ExpandProperty strings -ErrorAction SilentlyContinue
            }

            # Check for multiple SPF records
            $RecipientServer = "v=spf1"
            $SPFCount = ([regex]::Matches($SPF, $RecipientServer)).Count
            
            # If there is no SPF record
            if ($null -eq $SPF) {
                $SpfAdvisory = "Domain does not have an SPF record. To prevent abuse of this domain, please add an SPF record to it."
            }
            elseif ($SPFCount -gt 1) {
                $SpfAdvisory = "Domain has more than one SPF record. Only one SPF record per domain is allowed. This is explicitly defined in RFC4408."     
                $SpfTotalLenght = 0
                foreach ($char in $SPF) {
                    $SPFTotalLenght += $char.Length
                    $SpfTotalLenght
                }
            }
            Else {
                $SPF = $SPF -join ""
                $SpfTotalLenght = $SPF.Length

                foreach ($mechanism in $SPF) {
                    if ($mechanism.Length -ge 450) {
                        # See: https://datatracker.ietf.org/doc/html/rfc7208#section-3.4
                        $SpfAdvisory += "Your SPF-record has more than 450 characters. This is SHOULD be avoided according to RFC7208. "
                    }
                    elseif ($mechanism.Length -ge 255) {
                        # See: https://datatracker.ietf.org/doc/html/rfc4408#section-3.1.3
                        $SpfAdvisory = "Your SPF record has more than 255 characters in one string. This MUST not be done as explicitly defined in RFC4408. " 
                    }
                }
            
                switch -Regex ($SPF) {
                    '~all' {
                        $SpfAdvisory += "An SPF-record is configured but the policy is not sufficiently strict."
                    }
                    '-all' {
                        $SpfAdvisory += "An SPF-record is configured and the policy is sufficiently strict."
                    }
                    "\?all" {
                        $SpfAdvisory += "Your domain has a valid SPF record but your policy is not effective enough."
                    }
                    '\+all' {
                        $SpfAdvisory += "Your domain has a valid SPF record but your policy is not effective enough."
                    }
                    Default {
                        $SpfAdvisory += "No qualifier found. Your domain has a SPF record but your policy is not effective enough."
                    }
                }
            }
        }

        foreach ($domain in $name) {

            $SpfReturnValues = New-Object psobject
            $SpfReturnValues | Add-Member NoteProperty "Name" $domain
            $SpfReturnValues | Add-Member NoteProperty "SPFRecord" "$($SPF)"
            $SpfReturnValues | Add-Member NoteProperty "SPFRecordLength" "$($SpfTotalLenght)"
            $SpfReturnValues | Add-Member NoteProperty "SPFAdvisory" $SpfAdvisory
            $SpfObject.Add($SpfReturnValues)
            $SpfReturnValues
        }
    } end {}
} 

Set-Alias gspf -Value Get-SPFRecord