spf-discuss

Re: How to built an SPF record that is split in substrings?

2004-04-06 08:31:59
In <4072B718(_dot_)5060302(_at_)omniti(_dot_)com> Theo Schlossnagle 
<jesus(_at_)omniti(_dot_)com> writes:

wayne wrote:

In <8036904(_at_)pamho(_dot_)net> "Roger Moser" 
<Roger(_dot_)Moser(_at_)pamho(_dot_)net> writes:

tdlc.com. 3600 IN TXT (
 "v=spf1"
[snip]
 "-all"
 )

The SPF spec says how to concatenate the strings.  It should not
insert spaces.

Can you point me to that section?  I didn't see that.

Well, I checked and I can't find anything in the spec.

I may have been misremembering the "concatenate multiple explanation
TXT RRs" thing, but the spec appears to be silent on the subject of
what to do with multiple substrings on a single TXT RR.

I may also be (mis-?) remembering conversations with Meng on the
subject, but I can't find anything in the mailing list archive about
this subject.


                                                       Most resolving
libraries that I've seen that concatenate segmented txt records do so
with a space separating every item.

From what I've seen, the results from resolving libraries to TXT RRs
with multiple TXT strings vary widely.

BIND returns the TXT record with the substrings preserved, so the
application can deal with them as they wish.  If I understand the perl
Net::DNS::Resolver library correctly, it also returns the substrings
rather than doing anything with them.

Can you add some more data points about other resolvers?


If it is ambiguous, then I would suggest requiring that the resolver
concatenate all TXT segments with a single space separator.

Well, that will certainly break a lot of SPF records that are
published with djbdns and a few that are published with BIND.  Domain
owners don't generally know that a single string in quotes that
happens to be over some magic length will have spaces inserted into
them at apparently random spots.

                                                             If you
use "dig" you will see that it does so (as well as quoting them).

The way I interpret the output of dig is that it shows each individual
substring in quotes.  It makes no determination on what an application
should do when presented with multiple substrings.


Obviously, the SPF spec would not require (or be accepting of) quoting
the pieces, but the space separation is quite intuitive and matches
several prior implementations of DNS-related applications.

I think the SPF spec needs to say something on the subject.  I
personally think the least surprising thing for the majority of domain
owners would be to concatenate them without spaces, but if we decide
to add spaces, I will update libspf-alt.


I did some checking.  As just one of many examples, kabbalah.com
publishes the following SPF record:

  "v=spf1 mx ptr mx:kabbalah.com ip4:64.239.129.96/27 ip4:208.179.200.0/27 ip4:208.179.207.32/27 ip4:12.35.200.64/27 ip4:63.212.16" "7.64/27 ?all"

Apparently, kabbalah.com uses djbdns and had their TXT record broken
in two at 127 bytes.

libspf-alt v0.3 concatenates them without spaces.

M:S:Q v1.997 concatenates them without spaces.

PHP (the SPF adoption roll) only parses the first substring.

libspf I believe concatenates them with spaces.  (I could be reading
the source wrong though.)



tdlc.com.               1H IN TXT       "v=spf1" "a" "mx" "ptr"
"a:smtp.meridiancg.com" "a:email.meridiancg.com"
"a:smtp-high.meridiancg.com" "ip4:69.7.105.0/27" "208.20.231.0/24"
"-all"

-- 
// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// Postal Engine -- http://www.postalengine.com/
// Ecelerity: fastest MTA on Earth

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/spf-draft-200403.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
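Added example, not part of the original message and not code from any library named in the thread: a Python check of how the three substring-handling behaviours reported above (join without spaces, join with spaces, first substring only) treat the kabbalah.com and tdlc.com records quoted in this message. The function names and the minimal term validator are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed inputs: TXT RDATA retyped from the two records quoted in the thread.
KABBALAH = ('"v=spf1 mx ptr mx:kabbalah.com ip4:64.239.129.96/27 '
            'ip4:208.179.200.0/27 ip4:208.179.207.32/27 '
            'ip4:12.35.200.64/27 ip4:63.212.16" "7.64/27 ?all"')
TDLC = ('"v=spf1" "a" "mx" "ptr" "a:smtp.meridiancg.com" '
        '"a:email.meridiancg.com" "a:smtp-high.meridiancg.com" '
        '"ip4:69.7.105.0/27" "208.20.231.0/24" "-all"')

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
# The three behaviours reported in the thread (names are hypothetical labels).
JOINERS = {"no-space": "".join, "space": " ".join,
           "first-only": lambda strings: strings[0]}

def character_strings(rdata):
    """Split dig-style TXT presentation format into its quoted substrings.
    Handles backslash-escaped characters, not \\DDD decimal escapes."""
    found = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    return [re.sub(r"\\(.)", r"\1", s) for s in found]

def join_strings(strings, policy):
    """Rebuild the record text the way a given implementation would."""
    return JOINERS[policy](strings)

def bad_terms(record):
    """Return the terms that fail a basic check: version tag, known
    mechanism name, and a parseable network after ip4:."""
    terms = record.split()
    bad = [t for t in terms[:1] if t.lower() != "v=spf1"]
    for term in terms[1:]:
        if re.fullmatch(r"[A-Za-z][\w.-]*=.*", term):  # modifier, e.g. redirect=
            continue
        body = term[1:] if term[0] in "+-~?" else term
        name = re.split(r"[:/]", body, maxsplit=1)[0].lower()
        try:
            if name not in MECHANISMS:
                raise ValueError(name)
            if name == "ip4":
                ipaddress.IPv4Network(body[4:], strict=False)
        except ValueError:
            bad.append(term)
    return bad

if __name__ == "__main__":
    for label, rdata in (("kabbalah.com", KABBALAH), ("tdlc.com", TDLC)):
        strings = character_strings(rdata)
        for policy in JOINERS:
            print(label, policy, bad_terms(join_strings(strings, policy)))
```

The kabbalah.com record only parses cleanly when joined without spaces, while the tdlc.com record only yields separate terms when joined with spaces. RFC 7208 section 3.3 later specified that multiple strings in one TXT record are concatenated without adding spaces.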