Please stop publishing -all it is NOT time yet2004-06-13 10:27:15On Sun, 2004-06-13 at 07:12, Michael Weiner wrote: I am having some issues telling whether or not spf is working due to some errors i am seeing coming back in the email headers from one of my users. I have spf and srs setup in accordance with all the information i could find at pobox (at least i believe i have). And i have srs embedded within sendmail for envelope rewriting. Anyway, i am seeing some issues here. -- snip! -- Already went over this with Micahel off-list, but for the benefit of everyone here were the results: Further investigation reveals that as a result of the random return order behaviour of DNS the inconsistencies are likely the result of the SPF record being: v=spf1 mx a:sunshine.userfriendly.net a:nomad.userfriendly.net a:niteowl.userfriendly.net a:moonbeam.userfriendly.net ip4:68.22.33.177/32 ip4:68.22.33.178/32 ip4:68.22.33.179/32 ip4:68.22.33.180/32 ip4:68.22.33.181/32 ip4:68.22.33.182/32 -all The UserFriendly Network and then other times: The UserFriendly Network v=spf1 mx a:sunshine.userfriendly.net a:nomad.userfriendly.net a:niteowl.userfriendly.net a:moonbeam.userfriendly.net ip4:68.22.33.177/32 ip4:68.22.33.178/32 ip4:68.22.33.179/32 ip4:68.22.33.180/32 ip4:68.22.33.181/32 ip4:68.22.33.182/32 -all Which may or may not be causing your SPF parser to barf when the non-SPF TXT record is prepended but not when its appended. Either way I believe your SPF parser to be broken. Also for the benefit of anyone else reading here, people need to stop publishing -all. Its TOO early. Michael is not only having this problem, but getting e-mail rejected as a result! This behaviour will only damage the reputation of SPF. It is not my place to request this, so listen if you feel its sound advice. Please stop publishing records with -all. It is TOO EARLY. Dennis Dayman from Verizon has already discovered this and I suggest that those who care, follow his example and revert to ?all until its the proper time. Behaviour like -all is only going to alienate us from those who oppose SPF for REASONS JUST LIKE THIS. Sorry about the caps abuse, but trying to make a point. Reference threads re: Dennis Dayman & Verizon: Dennis Dayman: http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200406/0456.html Meng Weng Wong: http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200406/0458.html In situations like this ask your self, WWMD or WWMWWD? ;) pobox.com. 600 IN TXT "v=spf1 mx mx:fallback-relay.pobox.com a:smtp.pobox.com a:emerald.pobox.com ?all" I'm not attempting to be bossy or something of that nature, but I care about our success enough to take a little flame or heat from anyone who cares to reason otherwise. Cheers, James -- James Couzens, Programmer ----------------------------------------------------------------- XML is WRONG, and here it doesn't BELONG. Neither in SPF, nor inside of DNS, its fat and its bloated and so I express: JSON - "The FAT FREE alternative to XML" http://www.crockford.com/JSON/xml.html ----------------------------------------------------------------- http://libspf.org -- ANSI C Sender Policy Framework library http://libsrs.org -- ANSI C Sender Rewriting Scheme library ----------------------------------------------------------------- PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBD3BF855 ------- Sender Policy Framework: http://spf.pobox.com/ Archives at http://archives.listbox.com/spf-discuss/current/ Send us money! http://spf.pobox.com/donations.html To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
|
|