-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Allyn Wade
Sent: Thursday, July 07, 2005 4:03 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] SPF Validation Tools - Yet Another One
Scott Kitterman wrote:
One of the frequent problems I've seen with some of the SPF checking tools
is that they either just do a static validation of the syntax of a record
(and thus miss included domains with no SPF record or DNS lookup errors) or
they do a full test. There doesn't appear to be any in between. So, in the
spirit of re-inventing the wheel, only hopefully a little better... here is
another web page for SPF testing:
http://www.kitterman.com/spf/validate.html
It comes in three parts:
1. Enter a domain name and the SPF record is loaded and tested (including
processing limits and non-existent included domains/SPF records).
2. Enter an SPF record directly and it's tested/validated.
3. Enter an IP/Mail From/HELO or IP/SPF policy to test against specific IP
addresses.
This is at best a Beta site at this point and I'd like suggestions (on or
off list, I don't care, but off list certainly for anything not of general
interest).
Scott K
P.S. This is using the latest version of the Python SPF library (thanks,
Stuart). It implements the processing limits and error syntax in the
current draft.
This is a very interesting looking tool!
I tried it for one of the test domains under spf1-test.mailzone.com, which
has a couple of problems, and it did seem to confuse parts of the tool.
For Domain Name I entered "99.spf1-test.mailzone.com", and pressed the "Get
SPF record" button. Here's what I got:
accepted, querying now...
99.spf1-test.mailzone.com
SPF records are published in DNS as TXT records. The TXT records found for
your domain are:
v=spf1 -all exp=99txt.spf1-test.mailzone.com moo
Checking to see if there is a valid SPF record.
Found SPF record, for: 99.spf1-test.mailzone.com
v=spf1 -all exp=99txt.spf1-test.mailzone.com moo
evaluating...
I gave it a couple of minutes, but it never gave any more output.
I went back to the main page and entered the record directly ("v=spf1 -all
exp=99txt.spf1-test.mailzone.com moo") and pressed the "Check SPF Record"
button. Same thing:
Input accepted, querying now...
evaluating v=spf1 -all exp=99txt.spf1-test.mailzone.com moo ...
I tried dropping the trailing "moo", but got the same thing again. Only
when I also dropped the -exp= part, leaving just "v=spf1 -all" did it give
me:
Input accepted, querying now...
evaluating v=spf1 -all ...
SPF record passed validation test with pySPF (Python SPF library)!
I then tried the last section, and got the following:
Input accepted, querying now...
Mail sent from: 192.0.2.33
Mail from (Sender): bob(_at_)99(_dot_)spf1-test(_dot_)mailzone(_dot_)com
Mail checked using this SPF policy: v=spf1 -all
exp=99txt.spf1-test.mailzone.com moo
Results - FAIL Message may be rejected
So it didn't seem to confuse this part of the tool for some reason.
Now I think this is OK (given the ambiguous nature of record evaluation -
the "moo" would cause my SPF implementation to return PermError, but I'm
guessing the python implementation just goes left to right, and never sees
"moo").
The reason I picked on this particular record, is that, apart from the
"moo", it has, indirectly, another slight problem - the TXT record for the
exp= domain (99txt.spf1-test.mailzone.com) contains a syntax error (it uses
an undefined macro letter, "u").
That seems a bit subtle, and I didn't really expect the tool to notice/care,
but I was just curious.
Cheers,
Allyn
Thanks. That took a while to get to, but pySPF will now detect the
undefined macro, raise a syntax error, and then ignore the exp string with
the error in it. That's how I think schlitt-spf-classic-02 says it should
be processed.
We still go right to left and don't detect the moo on the end, but I'm not
sure how important that is...
Scott K
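
The two defects discussed in this thread (a stray "moo" term after "-all", and an undefined macro letter "u" in the explanation text), shown as an added example that is not pySPF's code and not part of the original messages: a static pass that checks every term, next to a lazy evaluation that stops at the first matching mechanism. The function names are hypothetical, the macro letter set is taken from RFC 7208 rather than the draft cited in the thread, and EXP_TXT is a constructed stand-in because the thread does not show the real TXT record.

```python
import re

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
MACRO_LETTERS = set("slodiphcrtv")  # RFC 7208 macro letters; "u" is not one
MODIFIER = re.compile(r"^([A-Za-z][A-Za-z0-9._-]*)=(.*)$")
MECHANISM = re.compile(r"^([+\-~?]?)([A-Za-z][A-Za-z0-9._-]*)(?:[:/].*)?$")
MACRO_TOKEN = re.compile(r"%(?:[%_-]|\{([^}]*)\}|)")
MACRO_BODY = re.compile(r"^([A-Za-z])\d*r?[.\-+,/_=]*$")
RESULTS = {"": "pass", "+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def macro_errors(text):
    """Return a problem string for every bad %-sequence in text."""
    errors = []
    for token in MACRO_TOKEN.finditer(text):
        if token.group(0) in ("%%", "%_", "%-"):
            continue  # literal escapes, always valid
        body = MACRO_BODY.match(token.group(1) or "")
        if body is None:
            errors.append(f"malformed macro {token.group(0)!r}")
        elif body.group(1).lower() not in MACRO_LETTERS:
            errors.append(f"undefined macro letter {body.group(1)!r}")
    return errors

def record_errors(record):
    """Check every term, so an error after a matching mechanism is still seen."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["missing v=spf1 version term"]
    errors = []
    for term in terms[1:]:
        modifier, mechanism = MODIFIER.match(term), MECHANISM.match(term)
        if modifier:  # unknown modifiers are legal, but their macros must parse
            found = macro_errors(modifier.group(2))
        elif mechanism and mechanism.group(2).lower() in MECHANISMS:
            found = macro_errors(term)
        else:
            found = ["unknown mechanism"]
        errors += [f"{term}: {e}" for e in found]
    return errors

def first_match_result(record):
    """Stop at the first 'all' mechanism, as a lazy evaluator would."""
    for term in record.split()[1:]:
        mechanism = MECHANISM.match(term)
        if mechanism and mechanism.group(2).lower() == "all":
            return RESULTS[mechanism.group(1)]
    return "neutral"

RECORD = "v=spf1 -all exp=99txt.spf1-test.mailzone.com moo"  # quoted in the thread
EXP_TXT = "Mail from %{u} is not allowed by %{d}"  # constructed sample text
```

first_match_result(RECORD) returns "fail" without ever looking at "moo", while record_errors(RECORD) reports it; macro_errors(EXP_TXT) flags the "u" letter that a validator has to fetch the exp= TXT record to see.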