{"id":81,"date":"2013-10-26T09:08:15","date_gmt":"2013-10-26T08:08:15","guid":{"rendered":"http:\/\/www.mostlyharmless.nl\/?p=81"},"modified":"2013-10-26T10:30:12","modified_gmt":"2013-10-26T09:30:12","slug":"sender-policy-framework","status":"publish","type":"post","link":"https:\/\/www.mostlyharmless.nl\/index.php\/2013\/10\/26\/sender-policy-framework\/","title":{"rendered":"Sender Policy Framework"},"content":{"rendered":"<p>&nbsp;<\/p>\n<table>\n<tbody>\n<tr>\n<td id=\"title\">\n<h2><a href=\"http:\/\/www.openspf.org\/?back=SPF+Record+Syntax\">SPF Record Syntax<\/a><\/h2>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<table>\n<tbody>\n<tr>\n<td id=\"content\">\n<div>\n<div>\n<p>Note:\u00a0This page serves as an introduction and quick overview of SPF mechanism syntax. For the complete and definitive picture, please see the\u00a0<a href=\"http:\/\/www.openspf.org\/Specifications\">specification<\/a>.<\/p>\n<\/div>\n<p>Domains define zero or more\u00a0mechanisms. Mechanisms can be used to describe the set of hosts which are designated outbound mailers for the domain.<\/p>\n<div>\n<p><tt><a href=\"http:\/\/www.openspf.org\/SPF_Record_Syntax#all\">all<\/a><\/tt>\u00a0|\u00a0<tt><a href=\"http:\/\/www.openspf.org\/SPF_Record_Syntax#ip4\">ip4<\/a><\/tt>\u00a0|\u00a0<tt><a href=\"http:\/\/www.openspf.org\/SPF_Record_Syntax#ip6\">ip6<\/a><\/tt>\u00a0|\u00a0<tt><a href=\"http:\/\/www.openspf.org\/SPF_Record_Syntax#a\">a<\/a><\/tt>\u00a0|\u00a0<tt><a href=\"http:\/\/www.openspf.org\/SPF_Record_Syntax#mx\">mx<\/a><\/tt>\u00a0|\u00a0<tt><a href=\"http:\/\/www.openspf.org\/SPF_Record_Syntax#ptr\">ptr<\/a><\/tt>\u00a0|\u00a0<tt><a href=\"http:\/\/www.openspf.org\/SPF_Record_Syntax#exists\">exists<\/a><\/tt>\u00a0|\u00a0<tt><a href=\"http:\/\/www.openspf.org\/SPF_Record_Syntax#include\">include<\/a><\/tt><\/p>\n<\/div>\n<p>Domains may also define\u00a0modifiers. Each modifier can appear only once.<\/p>\n<div>\n<p><tt><a href=\"http:\/\/www.openspf.org\/SPF_Record_Syntax#redirect\">redirect<\/a><\/tt>\u00a0|\u00a0<tt><a href=\"http:\/\/www.openspf.org\/SPF_Record_Syntax#exp\">exp<\/a><\/tt><\/p>\n<\/div>\n<h2><a name=\"0.1\"><\/a>Mechanisms<\/h2>\n<p>Mechanisms can be prefixed with one of four qualifiers:<\/p>\n<div>\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr valign=\"top\">\n<td>&#8220;+&#8221;<\/td>\n<td>Pass<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>&#8220;-&#8220;<\/td>\n<td>Fail<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>&#8220;~&#8221;<\/td>\n<td>SoftFail<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>&#8220;?&#8221;<\/td>\n<td>Neutral<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<p>If a mechanism results in a hit, its qualifier value is used. The default qualifier is &#8220;<tt>+<\/tt>&#8220;, i.e. &#8220;Pass&#8221;. For example:<\/p>\n<div><code>\"v=spf1 -all\"<\/code><\/div>\n<div><code>\"v=spf1 a -all\"<\/code><\/div>\n<div><code>\"v=spf1 a mx -all\"<\/code><\/div>\n<div><code>\"v=spf1 +a +mx -all\"<\/code><\/div>\n<p>Mechanisms are evaluated in order. If no mechanism or modifier matches, the default result is &#8220;Neutral&#8221;.<\/p>\n<p>If a domain has no SPF record at all, the result is &#8220;None&#8221;. If a domain has a temporary error during DNS processing, you get the result &#8220;TempError&#8221; (called &#8220;error&#8221; in earlier drafts). If some kind of syntax or evaluation error occurs (eg. the domain specifies an unrecognized mechanism) the result is &#8220;PermError&#8221; (formerly &#8220;unknown&#8221;).<\/p>\n<p>Evaluation of an SPF record can return any of these results:<\/p>\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr valign=\"top\">\n<td align=\"center\">Result<\/td>\n<td align=\"center\">Explanation<\/td>\n<td>Intended action<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>Pass<\/td>\n<td>The SPF record designates the host to be allowed to send<\/td>\n<td>accept<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>Fail<\/td>\n<td>The SPF record has designated the host as NOT being allowed to send<\/td>\n<td>reject<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>SoftFail<\/td>\n<td>The SPF record has designated the host as NOT being allowed to send but is in transition<\/td>\n<td>accept but mark<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>Neutral<\/td>\n<td>The SPF record specifies explicitly that nothing can be said about validity<\/td>\n<td>accept<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>None<\/td>\n<td>The domain does not have an SPF record or the SPF record does not evaluate to a result<\/td>\n<td>accept<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>PermError<\/td>\n<td>A permanent error has occured (eg. badly formatted SPF record)<\/td>\n<td>unspecified<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>TempError<\/td>\n<td>A transient error has occured<\/td>\n<td>accept or reject<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><!--more--><\/p>\n<h3><a name=\"0.1.1\"><\/a>The &#8220;<code>all<\/code>&#8221; mechanism\u00a0<small><small>(<a href=\"http:\/\/www.openspf.org\/?action=edit&amp;id=Mechanism\/all\">edit<\/a>)<\/small><\/small><\/h3>\n<div>\n<p><code>all<\/code><\/p>\n<\/div>\n<p>This mechanism always matches. It usually goes at the end of the SPF record.<\/p>\n<p>Examples:<\/p>\n<div>\n<p><code>\"v=spf1 mx -all\"<\/code><\/p>\n<div>Allow domain&#8217;s MXes to send mail for the domain, prohibit all others.<\/div>\n<p><code>\"v=spf1 -all\"<\/code><\/p>\n<div>The domain sends no mail at all.<\/div>\n<p><code>\"v=spf1 +all\"<\/code><\/p>\n<div>The domain owner thinks that SPF is useless and\/or doesn&#8217;t care.<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<h3><a name=\"0.1.2\"><\/a>The &#8220;<code>ip4<\/code>&#8221; mechanism\u00a0<small><small>(<a href=\"http:\/\/www.openspf.org\/?action=edit&amp;id=Mechanism\/ip4\">edit<\/a>)<\/small><\/small><\/h3>\n<div>\n<pre>ip4:&lt;ip4-address&gt;\r\nip4:&lt;ip4-network&gt;\/&lt;prefix-length&gt;<\/pre>\n<\/div>\n<p>The argument to the &#8220;<code>ip4:<\/code>&#8221; mechanism is an IPv4 network range. If no\u00a0<em>prefix-length<\/em>\u00a0is given, \/32 is assumed (singling out an individual host address).<\/p>\n<p>Examples:<\/p>\n<div>\n<p><code>\"v=spf1 ip4:192.168.0.1\/16 -all\"<\/code><\/p>\n<div>Allow any IP address between 192.168.0.1 and 192.168.255.255.<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<h3><a name=\"0.1.3\"><\/a>The &#8220;<code>ip6<\/code>&#8221; mechanism\u00a0<small><small>(<a href=\"http:\/\/www.openspf.org\/?action=edit&amp;id=Mechanism\/ip6\">edit<\/a>)<\/small><\/small><\/h3>\n<div>\n<pre>ip6:&lt;ip6-address&gt;\r\nip6:&lt;ip6-network&gt;\/&lt;prefix-length&gt;<\/pre>\n<\/div>\n<p>The argument to the &#8220;<code>ip6:<\/code>&#8221; mechanism is an IPv6 network range. If no\u00a0<em>prefix-length<\/em>\u00a0is given, \/128 is assumed (singling out an individual host address).<\/p>\n<p>Examples:<\/p>\n<div>\n<p><code>\"v=spf1 ip6:1080::8:800:200C:417A\/96 -all\"<\/code><\/p>\n<div>Allow any IPv6 address between 1080::8:800:0000:0000 and 1080::8:800:FFFF:FFFF.<\/div>\n<p><code>\"v=spf1 ip6:1080::8:800:68.0.3.1\/96 -all\"<\/code><\/p>\n<div>Allow any IPv6 address between 1080::8:800:0000:0000 and 1080::8:800:FFFF:FFFF.<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<h3><a name=\"0.1.4\"><\/a>The &#8220;<code>a<\/code>&#8221; mechanism\u00a0<small><small>(<a href=\"http:\/\/www.openspf.org\/?action=edit&amp;id=Mechanism\/a\">edit<\/a>)<\/small><\/small><\/h3>\n<div>\n<pre>a\r\na\/&lt;prefix-length&gt;\r\na:&lt;domain&gt;\r\na:&lt;domain&gt;\/&lt;prefix-length&gt;<\/pre>\n<\/div>\n<p>All the A records for\u00a0<em>domain<\/em>\u00a0are tested. If the client IP is found among them, this mechanism matches.<\/p>\n<p>If\u00a0<em>domain<\/em>\u00a0is not specified, the\u00a0<em>current-domain<\/em>\u00a0is used.<\/p>\n<p>The A records have to match the client IP exactly, unless a\u00a0<em>prefix-length<\/em>\u00a0is provided, in which case each IP address returned by the A lookup will be expanded to its corresponding\u00a0<a href=\"http:\/\/en.wikipedia.org\/wiki\/Classless_Inter-Domain_Routing\">CIDR<\/a>\u00a0prefix, and the client IP will be sought within that subnet.<\/p>\n<div>\n<p><code>\"v=spf1 a -all\"<\/code><\/p>\n<div>The\u00a0<em>current-domain<\/em>\u00a0is used.<\/div>\n<p><code>\"v=spf1 a:example.com -all\"<\/code><\/p>\n<div>Equivalent if the\u00a0<em>current-domain<\/em>\u00a0is example.com.<\/div>\n<p><code>\"v=spf1 a:mailers.example.com -all\"<\/code><\/p>\n<div>Perhaps example.com has chosen to explicitly list all the outbound mailers in a special A record under mailers.example.com.<\/div>\n<p><code>\"v=spf1 a\/24 a:offsite.example.com\/24 -all\"<\/code><\/p>\n<div>If example.com resolves to 192.0.2.1, the entire class C of 192.0.2.0\/24 would be searched for the client IP. Similarly for offsite.example.com. If more than one A record were returned, each one would be expanded to a\u00a0<a href=\"http:\/\/en.wikipedia.org\/wiki\/Classless_Inter-Domain_Routing\">CIDR<\/a>\u00a0subnet.<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<h3><a name=\"0.1.5\"><\/a>The &#8220;<code>mx<\/code>&#8221; mechanism\u00a0<small><small>(<a href=\"http:\/\/www.openspf.org\/?action=edit&amp;id=Mechanism\/mx\">edit<\/a>)<\/small><\/small><\/h3>\n<div>\n<pre>mx\r\nmx\/&lt;prefix-length&gt;\r\nmx:&lt;domain&gt;\r\nmx:&lt;domain&gt;\/&lt;prefix-length&gt;<\/pre>\n<\/div>\n<p>All the A records for all the MX records for\u00a0<em>domain<\/em>\u00a0are tested in order of MX priority. If the client IP is found among them, this mechanism matches.<\/p>\n<p>If\u00a0<em>domain<\/em>\u00a0is not specified, the\u00a0<em>current-domain<\/em>\u00a0is used.<\/p>\n<p>The A records have to match the client IP exactly, unless a prefix-length is provided, in which case each IP address returned by the A lookup will be expanded to its corresponding\u00a0<a href=\"http:\/\/en.wikipedia.org\/wiki\/Classless_Inter-Domain_Routing\">CIDR<\/a>\u00a0prefix, and the client IP will be sought within that subnet.<\/p>\n<p>Examples:<\/p>\n<div>\n<p><code>\"v=spf1 mx mx:deferrals.domain.com -all\"<\/code><\/p>\n<div>Perhaps a domain sends mail through its MX servers plus another set of servers whose job is to retry mail for deferring domains.<\/div>\n<p><code>\"v=spf1 mx\/24 mx:offsite.domain.com\/24 -all\"<\/code><\/p>\n<div>Perhaps a domain&#8217;s MX servers receive mail on one IP address, but send mail on a different but nearby IP address.<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<h3><a name=\"0.1.6\"><\/a>The &#8220;<code>ptr<\/code>&#8221; mechanism\u00a0<small><small>(<a href=\"http:\/\/www.openspf.org\/?action=edit&amp;id=Mechanism\/ptr\">edit<\/a>)<\/small><\/small><\/h3>\n<div>\n<pre>ptr\r\nptr:&lt;domain&gt;<\/pre>\n<\/div>\n<p>The hostname or hostnames for the client IP are looked up using PTR queries. The hostnames are then validated: at least one of the A records for a PTR hostname must match the original client IP. Invalid hostnames are discarded. If a valid hostname ends in domain, this mechanism matches.<\/p>\n<p>If\u00a0<em>domain<\/em>\u00a0is not specified, the\u00a0<em>current-domain<\/em>\u00a0is used.<\/p>\n<p>If at all possible, you should avoid using this mechanism in your SPF record, because it will result in a larger number of expensive DNS lookups.<\/p>\n<p>Examples:<\/p>\n<div>\n<p><code>\"v=spf1 ptr -all\"<\/code><\/p>\n<div>A domain which directly controls all its machines (unlike a dialup or broadband ISP) allows all its servers to send mail. For example, hotmail.com or paypal.com might do this.<\/div>\n<p><code>\"v=spf1 ptr:otherdomain.com -all\"<\/code><\/p>\n<div>Any server whose hostname ends in otherdomain.com is designated.<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<h3><a name=\"0.1.7\"><\/a>The &#8220;<code>exists<\/code>&#8221; mechanism\u00a0<small><small>(<a href=\"http:\/\/www.openspf.org\/?action=edit&amp;id=Mechanism\/exists\">edit<\/a>)<\/small><\/small><\/h3>\n<div>\n<pre>exists:&lt;domain&gt;<\/pre>\n<\/div>\n<p>Perform an A query on the provided domain. If a result is found, this constitutes a match. It doesn&#8217;t matter what the lookup result is \u2013 it could be 127.0.0.2.<\/p>\n<p>When you use\u00a0<a href=\"http:\/\/www.openspf.org\/RFC_4408#macros\">macros<\/a>\u00a0with this mechanism, you can perform RBL-style reversed-IP lookups, or set up per-user exceptions.<\/p>\n<p>Examples:<\/p>\n<div>\n<p>In the following example, the client IP is 1.2.3.4 and the\u00a0<em>current-domain<\/em>\u00a0is example.com.<\/p>\n<p><code>\"v=spf1 exists:example.com -all\"<\/code><\/p>\n<div>If example.com does not resolve, the result is fail. If it does resolve, this mechanism results in a match.<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<h3><a name=\"0.1.8\"><\/a>The &#8220;<code>include<\/code>&#8221; mechanism\u00a0<small><small>(<a href=\"http:\/\/www.openspf.org\/?action=edit&amp;id=Mechanism\/include\">edit<\/a>)<\/small><\/small><\/h3>\n<div>\n<pre>include:&lt;domain&gt;<\/pre>\n<\/div>\n<p>The specified\u00a0<em>domain<\/em>\u00a0is searched for a match. If the lookup does not return a match or an error, processing proceeds to the next directive.\u00a0Warning:\u00a0If the\u00a0<em>domain<\/em>\u00a0does not have a valid SPF record, the result is a permanent error. Some mail receivers will reject based on a\u00a0<em>PermError<\/em>.<\/p>\n<p>Examples:<\/p>\n<div>\n<p>In the following example, the client IP is 1.2.3.4 and the\u00a0<em>current-domain<\/em>\u00a0is example.com.<\/p>\n<p><code>\"v=spf1 include:example.com -all\"<\/code><\/p>\n<div>If example.com has no SPF record, the result is\u00a0<em>PermError<\/em>.<\/div>\n<div>Suppose example.com&#8217;s SPF record were &#8220;v=spf1 a -all&#8221;.<\/div>\n<div>Look up the A record for example.com. If it matches 1.2.3.4, return\u00a0<em>Pass<\/em>.<\/div>\n<div>If there is no match, other than the included domain&#8217;s &#8220;<code>-all<\/code>&#8220;, the include as a whole fails to match; the eventual result is still\u00a0<em>Fail<\/em>\u00a0from the outer directive set in this example.<\/div>\n<\/div>\n<p><em>Trust relationships<\/em>\u00a0\u2014 The &#8220;<code>include:<\/code>&#8221; mechanism is meant to cross administrative boundaries. Great care is needed to ensure that &#8220;<code>include:<\/code>&#8221; mechanisms do not place domains at risk for giving SPF<em>Pass<\/em>\u00a0results to messages that result from cross user forgery. Unless technical mechanisms are in place at the specified otherdomain to prevent cross user forgery, &#8220;<code>include:<\/code>&#8221; mechanisms should give a\u00a0<em>Neutral<\/em>\u00a0rather than\u00a0<em>Pass<\/em>\u00a0result. This is done by adding &#8220;?&#8221; in front of &#8220;<code>include:<\/code>&#8220;. The example above would be:<\/p>\n<div>\n<p><code>\"v=spf1 ?include:example.com -all\"<\/code><\/p>\n<\/div>\n<p>In hindsight, the name &#8220;include&#8221; was poorly chosen. Only the evaluated result of the referenced SPF record is used, rather than acting as if the referenced SPF record was literally included in the first. For example, evaluating a &#8220;<code>-all<\/code>&#8221; directive in the referenced record does not terminate the overall processing and does not necessarily result in an overall\u00a0<em>Fail<\/em>. (Better names for this mechanism would have been &#8220;if-pass&#8221;, &#8220;on-pass&#8221;, etc.)<\/p>\n<h2><a name=\"0.2\"><\/a>Modifiers<\/h2>\n<p>Modifiers are optional. A modifier may appear only once per record. Unknown modifiers are ignored.<\/p>\n<p>&nbsp;<\/p>\n<h3><a name=\"0.2.1\"><\/a>The &#8220;<code>redirect<\/code>&#8221; modifier\u00a0<small><small>(<a href=\"http:\/\/www.openspf.org\/?action=edit&amp;id=Modifier\/redirect\">edit<\/a>)<\/small><\/small><\/h3>\n<div>\n<pre>redirect=&lt;domain&gt;<\/pre>\n<\/div>\n<p>The SPF record for\u00a0<em>domain<\/em>\u00a0replace the current record. The macro-expanded\u00a0<em>domain<\/em>\u00a0is also substituted for the\u00a0<em>current-domain<\/em>\u00a0in those look-ups.<\/p>\n<p>Examples:<\/p>\n<div>\n<p>In the following example, the client IP is 1.2.3.4 and the\u00a0<em>current-domain<\/em>\u00a0is example.com.<\/p>\n<p><code>\"v=spf1 redirect=example.com\"<\/code><\/p>\n<div>If example.com has no SPF record, that is an error; the result is unknown.<\/div>\n<div>Suppose example.com&#8217;s SPF record was &#8220;v=spf1 a -all&#8221;.<\/div>\n<div>Look up the A record for example.com. If it matches 1.2.3.4, return\u00a0<em>Pass<\/em>.<\/div>\n<div>If there is no match, the exec fails to match, and the -all value is used.<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<h3><a name=\"0.2.2\"><\/a>The &#8220;<code>exp<\/code>&#8221; modifier\u00a0<small><small>(<a href=\"http:\/\/www.openspf.org\/?action=edit&amp;id=Modifier\/exp\">edit<\/a>)<\/small><\/small><\/h3>\n<div>\n<pre>exp=&lt;domain&gt;<\/pre>\n<\/div>\n<p>If an SMTP receiver rejects a message, it can include an explanation. An SPF publisher can specify the explanation string that senders see. This way, an ISP can direct nonconforming users to a web page that provides further instructions about how to configure SASL.<\/p>\n<p>The\u00a0<em>domain<\/em>\u00a0is expanded; a TXT lookup is performed. The result of the TXT query is then macro-expanded and shown to the sender. Other\u00a0<a href=\"http:\/\/www.openspf.org\/RFC_4408#macros\">macros<\/a>\u00a0can be used to provide an customized explanation.<\/p>\n<div><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; SPF Record Syntax Note:\u00a0This page serves as an introduction and quick overview of SPF mechanism syntax. For the complete and definitive picture, please see the\u00a0specification. Domains define zero or more\u00a0mechanisms. Mechanisms can be used to describe the set of hosts which are designated outbound mailers for the domain. all\u00a0|\u00a0ip4\u00a0|\u00a0ip6\u00a0|\u00a0a\u00a0|\u00a0mx\u00a0|\u00a0ptr\u00a0|\u00a0exists\u00a0|\u00a0include Domains may also define\u00a0modifiers. Each&hellip; <a class=\"more-link\" href=\"https:\/\/www.mostlyharmless.nl\/index.php\/2013\/10\/26\/sender-policy-framework\/\">Lees verder <span class=\"screen-reader-text\">Sender Policy Framework<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[41],"tags":[],"class_list":["post-81","post","type-post","status-publish","format-standard","hentry","category-dns-records","entry"],"_links":{"self":[{"href":"https:\/\/www.mostlyharmless.nl\/index.php\/wp-json\/wp\/v2\/posts\/81","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mostlyharmless.nl\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mostlyharmless.nl\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mostlyharmless.nl\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mostlyharmless.nl\/index.php\/wp-json\/wp\/v2\/comments?post=81"}],"version-history":[{"count":5,"href":"https:\/\/www.mostlyharmless.nl\/index.php\/wp-json\/wp\/v2\/posts\/81\/revisions"}],"predecessor-version":[{"id":93,"href":"https:\/\/www.mostlyharmless.nl\/index.php\/wp-json\/wp\/v2\/posts\/81\/revisions\/93"}],"wp:attachment":[{"href":"https:\/\/www.mostlyharmless.nl\/index.php\/wp-json\/wp\/v2\/media?parent=81"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mostlyharmless.nl\/index.php\/wp-json\/wp\/v2\/categories?post=81"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mostlyharmless.nl\/index.php\/wp-json\/wp\/v2\/tags?post=81"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}