I;ve now had two false positives with SPF. One was ticketmaster.com and
the other in.roving.com.
In the ticketmaster.com case, it appeared that they had the number of
subnet bits wrong on one of their ip4: entries.
This leads me to think that it might be useful to have an spf tester
service that would receive email, and would discard PASS messages. All
other statuses would be notified to an administrator. I.e. an
administrator could sign up for this service, and be given an email
address (that is tied to them). The administrator would then add this
email address into their standard mailing list(s), and would be notified
if messages were being denied.
I suspect that most organizations just pitch error responses when they
blast out their email lists, so they will not catch their own SPF record
errors.
Philip
--
Philip Gladstone
* Check out the live pondcam at http://pond.gladstonefamily.net