spf-discuss
Broken SPF implementations among this list's subscribers ?

2004-07-21 12:10:19
Hi again,

Well, there is quite a chance that the concerned individuals won't ever get 
this message ;-)

(Maybe somebody from a domain without SPF records could forward this message 
to the list again ?)


Funny enough, when I post to this list, when my message gets forwarded by
the listbox server, I quite quickly receive a number of SPF DNS queries which
do NOT originate from listbox's server (that would be logical), but OTOH
originate from other machines, surely MTAs at recipients' domains.

This definitely should *not* happen, as SPF should check the "MAIL FROM:",
which is
Return-Path: <listbox+trampoline+111+2222222+33333333(_at_)v2(_dot_)listbox(_dot_)com>

So listbox.com's SPF record should be checked, NOT mine, but it seems that 
some implementations use the "From: " header, which is not a good SPF 
implementation.


Examples:

Jul 21 19:49:41 totor named[2027]: client aaa.bbb.ccc.ddd#53: query: _ep.bouissou.net IN TXT

(Oho, this one is looking for an MS Caller-ID record... Broken too as 
listbox.com adds a "Sender: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com" 
header)


Jul 21 19:49:41 totor named[2027]: client eee.fff.ggg.hhh#53: query: bouissou.net IN TXT
Jul 21 19:49:41 totor named[2027]: client eee.fff.ggg.hhh#53: query: explain._spf.bouissou.net IN TXT

(This one asks for my failure message, but it has not checked my "exists" 
mechanism. Broken implementation ?)


Jul 21 19:49:48 totor named[2027]: client iii.jjj.kkk.lll#32768: query: bouissou.net IN TXT
Jul 21 19:49:48 totor named[2027]: client iii.jjj.kkk.lll#32768: query: 1.58.208.michel._spf.bouissou.net IN A
Jul 21 19:49:49 totor named[2027]: client iii.jjj.kkk.lll#32768: query: explain._spf.bouissou.net IN TXT

(This one checked my "exists" mechanism using listbox's server IP address. Uh, 
broken implementation. Then it takes my custom refusal message.)


Jul 21 19:49:49 totor named[2027]: client mmm.nnn.ooo.ppp#32769: query: bouissou.net IN TXT

(This one only gets my main SPF record, nothing else).


Jul 21 19:49:53 totor named[2027]: client qqq.rrr.sss.ttt#51003: query: 125.210.208.michel._spf.bouissou.net IN A
Jul 21 19:49:53 totor named[2027]: client qqq.rrr.sss.ttt#53413: query: explain._spf.bouissou.net IN TXT

(This one is probably checking my exists mechanism against a listbox IP, then
fetches my failure message...)


Jul 21 20:49:13 totor named[2027]: client qqq.rrr.sss.ttt#4940: query: 125.210.208.michel._spf.bouissou.net IN A
Jul 21 20:49:13 totor named[2027]: client qqq.rrr.sss.ttt#45804: query: explain._spf.bouissou.net IN TXT

(Same behaviour again from same remote client)

Weird enough, isn't it ?

-- 
Michel Bouissou <michel(_at_)bouissou(_dot_)net> OpenPGP ID 0xDDE8AC6E
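
The per-client comparison made by hand in the message above can be automated. The following is an added example, not part of the original post: it groups BIND query-log lines by resolver client and labels each query with the SPF step it represents. The log lines are constructed, and the record layout (`_ep.`, `explain._spf.` and `exists` lookups under `_spf.`) is assumed to mirror the one visible in the post; `example.org` and the 192.0.2.x addresses are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same BIND query-log format as the post;
# example.org and the 192.0.2.x clients are placeholders.
SAMPLE_LOG = """\
Jul 21 19:49:41 ns named[2027]: client 192.0.2.10#53: query: _ep.example.org IN TXT
Jul 21 19:49:41 ns named[2027]: client 192.0.2.20#53: query: example.org IN TXT
Jul 21 19:49:41 ns named[2027]: client 192.0.2.20#53: query: explain._spf.example.org IN TXT
Jul 21 19:49:48 ns named[2027]: client 192.0.2.30#32768: query: example.org IN TXT
Jul 21 19:49:48 ns named[2027]: client 192.0.2.30#32768: query: 1.2.0.192.user._spf.example.org IN A
Jul 21 19:49:49 ns named[2027]: client 192.0.2.30#32768: query: explain._spf.example.org IN TXT
Jul 21 19:49:49 ns named[2027]: client 192.0.2.40#32769: query: example.org IN TXT
Jul 21 19:50:02 ns named[2027]: client 192.0.2.40#32770: query: www.example.org IN A
"""

LINE_RE = re.compile(r"client (?P<ip>[^#\s]+)#\d+: query: (?P<name>\S+) IN (?P<type>\S+)")

def classify(name, rtype, domain):
    """Map one query to the SPF-related step it represents, or None."""
    name = name.lower().rstrip(".")
    if name == "_ep." + domain and rtype == "TXT":
        return "caller-id"          # MS Caller-ID record lookup
    if name == domain and rtype == "TXT":
        return "spf-record"         # main SPF policy fetch
    if name == "explain._spf." + domain and rtype == "TXT":
        return "explanation"        # failure message fetch
    if name.endswith("._spf." + domain) and rtype == "A":
        return "exists"             # expanded exists: mechanism lookup
    return None                     # unrelated query (e.g. www A lookup)

def profile_clients(log_text, domain):
    """Return {client_ip: ordered list of distinct SPF steps seen}."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        step = classify(m["name"], m["type"].upper(), domain)
        if step and step not in seen[m["ip"]]:
            seen[m["ip"]].append(step)
    return dict(seen)

def explained_without_exists(profiles):
    """Clients that fetched the failure message but never tested exists:."""
    return sorted(ip for ip, s in profiles.items()
                  if "explanation" in s and "exists" not in s)

if __name__ == "__main__":
    print(profile_clients(SAMPLE_LOG, "example.org"))
```

Each client's step list corresponds to one of the patterns annotated in the message: Caller-ID lookup only, SPF record only, explanation without the `exists` test, or the full sequence.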