spf-discuss

Please stop publishing -all it is NOT time yet

2004-06-13 10:27:15
On Sun, 2004-06-13 at 07:12, Michael Weiner wrote:

I am having some issues telling whether or not SPF is working due to
some errors I am seeing coming back in the email headers from one of my
users. I have SPF and SRS set up in accordance with all the information I
could find at pobox (at least I believe I have). And I have SRS embedded
within sendmail for envelope rewriting. Anyway, I am seeing some issues
here.


-- snip! --

Already went over this with Michael off-list, but for the benefit of
everyone, here were the results:

Further investigation reveals that as a result of the random return
order behaviour of DNS the inconsistencies are likely the result of the
SPF record being:

v=spf1 mx a:sunshine.userfriendly.net a:nomad.userfriendly.net
a:niteowl.userfriendly.net a:moonbeam.userfriendly.net
ip4:68.22.33.177/32 ip4:68.22.33.178/32 ip4:68.22.33.179/32
ip4:68.22.33.180/32 ip4:68.22.33.181/32
ip4:68.22.33.182/32 -all The UserFriendly Network

and then other times:

The UserFriendly Network v=spf1 mx a:sunshine.userfriendly.net
a:nomad.userfriendly.net a:niteowl.userfriendly.net
a:moonbeam.userfriendly.net
ip4:68.22.33.177/32 ip4:68.22.33.178/32 ip4:68.22.33.179/32
ip4:68.22.33.180/32 ip4:68.22.33.181/32 ip4:68.22.33.182/32 -all

Which may or may not be causing your SPF parser to barf when the non-SPF
TXT record is prepended but not when it's appended.  Either way I believe
your SPF parser to be broken.

Also for the benefit of anyone else reading here, people need to stop
publishing -all.  It's TOO early.  Michael is not only having this
problem, but getting e-mail rejected as a result!  This behaviour will
only damage the reputation of SPF.

It is not my place to request this, so listen if you feel it's sound
advice.  Please stop publishing records with -all.  It is TOO EARLY.

Dennis Dayman from Verizon has already discovered this and I suggest
that those who care, follow his example and revert to ?all until it's the
proper time.  Behaviour like -all is only going to alienate us from
those who oppose SPF for REASONS JUST LIKE THIS.  Sorry about the caps
abuse, but trying to make a point.

Reference threads re: Dennis Dayman & Verizon:

Dennis Dayman:
http://archives.listbox.com/spf-discuss@v2.listbox.com/200406/0456.html

Meng Weng Wong:
http://archives.listbox.com/spf-discuss@v2.listbox.com/200406/0458.html

In situations like this ask yourself, WWMD or WWMWWD? ;)

pobox.com.              600     IN      TXT     "v=spf1 mx
mx:fallback-relay.pobox.com a:smtp.pobox.com a:emerald.pobox.com ?all"

I'm not attempting to be bossy or something of that nature, but I care
about our success enough to take a little flame or heat from anyone who
cares to reason otherwise.

Cheers,

James

-- 
James Couzens,
Programmer
-----------------------------------------------------------------
XML is WRONG, and here it doesn't BELONG.
Neither in SPF, nor inside of DNS,
it's fat and it's bloated and so I express:
JSON - "The FAT FREE alternative to XML"
http://www.crockford.com/JSON/xml.html
-----------------------------------------------------------------
http://libspf.org -- ANSI C Sender Policy Framework library
http://libsrs.org -- ANSI C Sender Rewriting Scheme library
-----------------------------------------------------------------
PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBD3BF855
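
Added example (not part of the original message, and not libspf code): a
sketch of order-independent SPF record selection over a TXT RRset, using the
two TXT strings quoted above. The function names are hypothetical, and
naive_first_record only illustrates one way a parser can become
order-dependent; the message does not say what the failing parser actually did.

```python
# Added example: pick the SPF policy out of a TXT RRset regardless of the
# order in which the DNS answer lists the records.
# Sample records are the two TXT strings quoted in the message.

SPF_RECORD = (
    "v=spf1 mx a:sunshine.userfriendly.net a:nomad.userfriendly.net "
    "a:niteowl.userfriendly.net a:moonbeam.userfriendly.net "
    "ip4:68.22.33.177/32 ip4:68.22.33.178/32 ip4:68.22.33.179/32 "
    "ip4:68.22.33.180/32 ip4:68.22.33.181/32 ip4:68.22.33.182/32 -all"
)
OTHER_TXT = "The UserFriendly Network"


def naive_first_record(txt_rrset):
    """Hypothetical broken approach: trust whichever TXT record comes first."""
    first = txt_rrset[0]
    return first if first.startswith("v=spf1") else None


def select_spf_record(txt_rrset):
    """Return the single SPF record in the RRset, or None if there is none.

    A record counts only if its first term is exactly "v=spf1"
    (case-insensitive); unrelated TXT records are ignored, and more than
    one SPF record is a permanent error (rule as in RFC 7208 section 4.5).
    """
    matches = [r for r in txt_rrset
               if r.split(" ", 1)[0].lower() == "v=spf1"]
    if len(matches) > 1:
        raise ValueError("permerror: multiple v=spf1 records")
    return matches[0] if matches else None


def all_qualifier(record):
    """Return the qualifier on the `all` mechanism ('+', '-', '~', '?') or None."""
    for term in record.split()[1:]:
        qualifier, name = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        if name.lower() == "all":
            return qualifier
    return None


if __name__ == "__main__":
    for rrset in ([SPF_RECORD, OTHER_TXT], [OTHER_TXT, SPF_RECORD]):
        chosen = select_spf_record(rrset)
        print(naive_first_record(rrset) is not None, all_qualifier(chosen))
```

Run directly, it processes both answer orders: select_spf_record returns the
same policy each time, while naive_first_record finds it in only one of them.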
