Hi again,
Well, there is quite a chance that the concerned individuals won't ever get
this message ;-)
(Maybe somebody from a domain without SPF records could forward this message
to the list again ?)
Funny enough, when I post to this list, when my message gets forwarded by
listbox server, I quite quickly receive a number of SPF DNS queries which do
NOT originate from listbox's server (that would be logical), but OTOH
originate from other machines, surely MTAs at recipients' domains.
This definitely should *not* happen, as SPF should check the "MAIL FROM:",
which is
Return-Path: <listbox+trampoline+111+2222222+33333333(_at_)v2(_dot_)listbox(_dot_)com>
So listbox.com's SPF record should be checked, NOT mine, but it seems that
some implementations use the "From: " header, which is not a good SPF
implementation.
Examples:
Jul 21 19:49:41 totor named[2027]: client aaa.bbb.ccc.ddd#53: query: _ep.bouissou.net IN TXT
(Oho, this one is looking for an MS Caller-ID record... Broken too as
listbox.com adds a "Sender: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com"
header)
Jul 21 19:49:41 totor named[2027]: client eee.fff.ggg.hhh#53: query: bouissou.net IN TXT
Jul 21 19:49:41 totor named[2027]: client eee.fff.ggg.hhh#53: query: explain._spf.bouissou.net IN TXT
(This one asks for my failure message, but it has not checked my "exists"
mechanism. Broken implementation ?)
Jul 21 19:49:48 totor named[2027]: client iii.jjj.kkk.lll#32768: query: bouissou.net IN TXT
Jul 21 19:49:48 totor named[2027]: client iii.jjj.kkk.lll#32768: query: 1.58.208.michel._spf.bouissou.net IN A
Jul 21 19:49:49 totor named[2027]: client iii.jjj.kkk.lll#32768: query: explain._spf.bouissou.net IN TXT
(This one checked my "exists" mechanism using listbox's server IP address. Uh,
broken implementation. Then it takes my custom refusal message.)
Jul 21 19:49:49 totor named[2027]: client mmm.nnn.ooo.ppp#32769: query: bouissou.net IN TXT
(This one only gets my main SPF record, nothing else).
Jul 21 19:49:53 totor named[2027]: client qqq.rrr.sss.ttt#51003: query: 125.210.208.michel._spf.bouissou.net IN A
Jul 21 19:49:53 totor named[2027]: client qqq.rrr.sss.ttt#53413: query: explain._spf.bouissou.net IN TXT
(This one is probably checking my exists mechanism against a listbox IP, then
fetches my failure message...)
Jul 21 20:49:13 totor named[2027]: client qqq.rrr.sss.ttt#4940: query: 125.210.208.michel._spf.bouissou.net IN A
Jul 21 20:49:13 totor named[2027]: client qqq.rrr.sss.ttt#45804: query: explain._spf.bouissou.net IN TXT
(Same behaviour again from same remote client)
Weird enough, isn't it ?
--
Michel Bouissou <michel(_at_)bouissou(_dot_)net> OpenPGP ID 0xDDE8AC6E
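
Added example, not part of the original message: a short Python script that groups BIND query-log lines of the kind quoted above by client and lists which SPF-related lookups each client made, including clients that fetched the explanation record without evaluating the exists mechanism. The log lines, example.net and the client addresses are constructed placeholders; the _ep, _spf and explain._spf names are assumed to follow the layout visible in the quoted queries.

```python
import re
from collections import defaultdict

# Constructed sample in the BIND query-log shape quoted in the message;
# example.net and the 192.0.2.x / 198.51.100.x clients are placeholders.
SAMPLE_LOG = """\
Jul 21 19:49:41 ns named[2027]: client 192.0.2.10#53: query: _ep.example.net IN TXT
Jul 21 19:49:41 ns named[2027]: client 192.0.2.20#53: query: example.net IN TXT
Jul 21 19:49:41 ns named[2027]: client 192.0.2.20#53: query: explain._spf.example.net IN TXT
Jul 21 19:49:48 ns named[2027]: client 198.51.100.5#32768: query: example.net IN TXT
Jul 21 19:49:48 ns named[2027]: client 198.51.100.5#32768: query: 1.58.208.michel._spf.example.net IN A
Jul 21 19:49:49 ns named[2027]: client 198.51.100.5#32768: query: explain._spf.example.net IN TXT
Jul 21 19:49:49 ns named[2027]: client 198.51.100.9#32769: query: example.net IN TXT
"""

LINE_RE = re.compile(r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<name>\S+) IN (?P<type>\S+)")

def classify(name, qtype, domain):
    """Map one query to the lookup step it represents for `domain`."""
    name = name.rstrip(".").lower()
    if qtype == "TXT" and name == domain:
        return "spf_record"          # main SPF TXT record
    if qtype == "TXT" and name == "_ep." + domain:
        return "caller_id"           # MS Caller-ID record
    if qtype == "TXT" and name == "explain._spf." + domain:
        return "explanation"         # custom failure message
    if qtype == "A" and name.endswith("._spf." + domain):
        return "exists_check"        # expanded exists mechanism
    return None

def summarize(log_text, domain):
    """Return {client_ip: [steps in order first seen]} for queries about `domain`."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        step = classify(m["name"], m["type"], domain)
        if step and step not in seen[m["ip"]]:
            seen[m["ip"]].append(step)
    return dict(seen)

def explanation_without_exists(summary):
    """Clients that fetched the explanation but never evaluated exists."""
    return sorted(ip for ip, steps in summary.items()
                  if "explanation" in steps and "exists_check" not in steps)

if __name__ == "__main__":
    for ip, steps in summarize(SAMPLE_LOG, "example.net").items():
        print(ip, "->", ", ".join(steps))
```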