In <404A289E(_dot_)60401(_at_)gladstonefamily(_dot_)net> Philip Gladstone
<philip-spf(_at_)gladstonefamily(_dot_)net> writes:
I think that the problem is a 'feature' of the MSQ code that validates
that the sender's domain actually exists (i.e. doesn't return
NXDOMAIN), and returns FAIL if not.
Interesting. This change in the spec occurred between 2.9.5 and 2.9.6
and I wasn't aware that implementations can now either return "fail" or
"none" on NXDOMAIN. The change in the code occurred between 1.991 and
1.996 (I'm not sure exactly where, I haven't checked all versions.)
I personally can see no value in returning "fail" for missing
domains, and I think that doing so is not failsafe. If someone screws
up their zone file, a lot of mail could suddenly start being rejected
by the SPF check rather than falling back to "none".
I suspect that this logic probably
should not be present for the HELO fallback case -- maybe it should
return SOFTFAIL instead.
I think this logic probably should not be present period.
-wayne