John Keown wrote:
Below you can all see the spf records published by surgeweb.com. This is an
example of good intentions of a mail administrator trying to do the right
thing but lacking an understanding of the internet and ip space. You can see
that the spf records for ip is incorrect. the did not specify a boundary
when describing the class c range. They used .1 not .0. I have sent 2 email
to the postmaster informing of his error and either he did not receive the
emails, just ignored them or feel he is correct in his notation.
The end results is his spf records are useless as they do not parse
properly.
v=spf1 ip4:216.65.64.1/24 ip4:216.65.3.1/24 a:send1.surgeweb.com mx -all
Hmm.
Supposing there were DNS records:
smtp.example.com. A 192.168.1.1
mx.example.com. A 192.168.1.19
example.com. MX mx.example.com.
example.com. TXT "v=spf1 a:smtp.example.com/28 mx -all"
Would your parser handle that record (which is definitely allowed by the spec)
correctly, yet barf on:
example.com. TXT "v=spf1 ip4:192.168.1.1/28 ip4:192.168.1.19
-all"
(which might be viewed as an optimised version of the previous one)?
I'm with Jon Postel on this one: "Be liberal in what you accept, and
conservative in what you send".
Paul.