On Sun, 2004-06-13 at 07:12, Michael Weiner wrote:
> I am having some issues telling whether or not spf is working due to
> some errors I am seeing coming back in the email headers from one of my
> users. I have spf and srs set up in accordance with all the information I
> could find at pobox (at least I believe I have). And I have srs embedded
> within sendmail for envelope rewriting. Anyway, I am seeing some issues
> here.
-- snip! --
Already went over this with Michael off-list, but for the benefit of
everyone, here were the results:
Further investigation reveals that as a result of the random return
order behaviour of DNS the inconsistencies are likely the result of the
SPF record being:
    v=spf1 mx a:sunshine.userfriendly.net a:nomad.userfriendly.net
    a:niteowl.userfriendly.net a:moonbeam.userfriendly.net
    ip4:68.22.33.177/32 ip4:68.22.33.178/32 ip4:68.22.33.179/32
    ip4:68.22.33.180/32 ip4:68.22.33.181/32 ip4:68.22.33.182/32 -all
    The UserFriendly Network

and then other times:

    The UserFriendly Network
    v=spf1 mx a:sunshine.userfriendly.net a:nomad.userfriendly.net
    a:niteowl.userfriendly.net a:moonbeam.userfriendly.net
    ip4:68.22.33.177/32 ip4:68.22.33.178/32 ip4:68.22.33.179/32
    ip4:68.22.33.180/32 ip4:68.22.33.181/32 ip4:68.22.33.182/32 -all

Which may or may not be causing your SPF parser to barf when the non-SPF
TXT record is prepended but not when it's appended. Either way I believe
your SPF parser to be broken.
Also for the benefit of anyone else reading here, people need to stop
publishing -all. It's TOO early. Michael is not only having this
problem, but getting e-mail rejected as a result! This behaviour will
only damage the reputation of SPF.
It is not my place to request this, so listen if you feel it's sound
advice. Please stop publishing records with -all. It is TOO EARLY.
Dennis Dayman from Verizon has already discovered this and I suggest
that those who care, follow his example and revert to ?all until it's the
proper time. Behaviour like -all is only going to alienate us from
those who oppose SPF for REASONS JUST LIKE THIS. Sorry about the caps
abuse, but trying to make a point.
Reference threads re: Dennis Dayman & Verizon:
Dennis Dayman:
http://archives.listbox.com/spf-discuss@v2.listbox.com/200406/0456.html
Meng Weng Wong:
http://archives.listbox.com/spf-discuss@v2.listbox.com/200406/0458.html
In situations like this ask yourself, WWMD or WWMWWD? ;)
pobox.com. 600 IN TXT "v=spf1 mx
mx:fallback-relay.pobox.com a:smtp.pobox.com a:emerald.pobox.com ?all"
I'm not attempting to be bossy or something of that nature, but I care
about our success enough to take a little flame or heat from anyone who
cares to reason otherwise.
Cheers,
James
--
James Couzens,
Programmer
-----------------------------------------------------------------
XML is WRONG, and here it doesn't BELONG.
Neither in SPF, nor inside of DNS,
it's fat and it's bloated and so I express:
JSON - "The FAT FREE alternative to XML"
http://www.crockford.com/JSON/xml.html
-----------------------------------------------------------------
http://libspf.org -- ANSI C Sender Policy Framework library
http://libsrs.org -- ANSI C Sender Rewriting Scheme library
-----------------------------------------------------------------
PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBD3BF855
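
One way to make SPF record selection independent of the order in which DNS returns TXT records, as an added example (not part of the original message and not libspf code). The function names are hypothetical, the sample RRset is constructed from the records quoted above, and the selection rule is the one later standardized in RFC 7208 section 4.5:

```python
# Added example: pick the SPF record out of a TXT RRset regardless of order.

class MultipleSPFRecords(Exception):
    """More than one v=spf1 record was published (a permanent error)."""

def join_strings(txt):
    """A TXT record may carry several character-strings; join them with no separator."""
    return txt if isinstance(txt, str) else "".join(txt)

def is_spf(record):
    """True only if the record is exactly 'v=spf1' or starts with 'v=spf1 '."""
    return record[:7].lower() in ("v=spf1", "v=spf1 ")

def select_spf_record(txt_rrset):
    """Discard non-SPF TXT records, then return the single SPF record or None."""
    candidates = [r for r in map(join_strings, txt_rrset) if is_spf(r)]
    if len(candidates) > 1:
        raise MultipleSPFRecords(candidates)
    return candidates[0] if candidates else None

def naive_first(txt_rrset):
    """The failure mode described above: trust whichever TXT record comes first."""
    return join_strings(txt_rrset[0])

def all_qualifier(spf):
    """Return the qualifier on the 'all' mechanism ('+', '-', '~', '?'), or None."""
    for term in spf.split()[1:]:
        t = term.lower()
        if t == "all":
            return "+"  # a bare mechanism defaults to '+'
        if t[1:] == "all" and t[0] in "+-~?":
            return t[0]
    return None

# Constructed sample data, built from the two TXT records quoted in the message.
IPS = " ".join(f"ip4:68.22.33.{n}/32" for n in range(177, 183))
SPF_STRINGS = ["v=spf1 mx a:sunshine.userfriendly.net a:nomad.userfriendly.net ",
               "a:niteowl.userfriendly.net a:moonbeam.userfriendly.net " + IPS + " -all"]
OTHER = "The UserFriendly Network"

if __name__ == "__main__":
    for rrset in ([SPF_STRINGS, OTHER], [OTHER, SPF_STRINGS]):
        chosen = select_spf_record(rrset)
        print("naive:", naive_first(rrset)[:24], "| selected:", chosen[:24],
              "| all qualifier:", all_qualifier(chosen))
```
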