In <002501c58e44$d3e02690$840cea3c(_at_)lennon2> "Craig Whitmore"
<lennon(_at_)orcon(_dot_)net(_dot_)nz> writes:
-------------------------
Craig, My DNS guys say that the spf spec has been updated since they
implemented it. They've confirmed that they need to change "ip" to
"ip4".
They said that the spec says that if the record is broken that the
receiving mail server should allow the mail (until spf becomes more
pervasive, which I guess it now is) Anyway, they will fix this and also
be making other changes they tell me by tomorrow.
Thanks again very much for pointing out this issue,
----------------------------
Regarding their points on the SPF specs changing from ip: -> ip4: When was
this? (or did it ever)
There was *never* an "ip:" mechanism. Nor has there ever been an
"ipv4" mechanism. Nor has the "a:" mechanism ever accepted an IP
address. These are all common errors though. "The spec changed" is
also common excuse.
And in regards to broken SPF records they should be rejected AFAIK?
As far as not rejecting the email due to a PermError, yes, that has
usually been what the spec said. The mengwong-spf-* specs from early
last year said:
Unknown: indicates incomplete processing: an MTA MUST proceed as
if a domain did not publish SPF data.
Recall that Unknown has been renamed to PermError and was originally
intended for dealing with "unknown" mechanism as an extention system
for SPF. There was never really a "syntax error" status. The earlier
schlitt-spf-classic-* specs was not incompatible on this point, saying
that the email SHOULD be rejected. The current spec remains moot on
what should happen on a PermError. This is a controversial subject.
-wayne