I'm not sure if this is the designed behavior or not, I tried looking in the
mail archive's but could not find anything, but here is the issue:
I setup an spf record for mail.fdn.com to be "v=spf1 a mx ptr -all"
Using the SPF tester at http://spftools.infinitepenguins.net/ I set the SMTP
client IP address to be the IP address of our DNS caching server
(nsmail.fdn.com 216.199.46.17) According to the tester it matched the ptr
test, and I think it did because the caching server name has 'mail.fdn.com'.
The result
IP '216.199.46.17' HELO 'fdn' SENDER 'test(_at_)mail(_dot_)fdn(_dot_)com'
Testing record for mail.fdn.com (probably v=spf1 a mx ptr -all)
Calling: /usr/local/bin/spfqtool -i 216.199.46.17 -s
test(_at_)mail(_dot_)fdn(_dot_)com -h
fdn
Response:
spfqtool (reference implementation) says:
SPF short result: fail
SPF verbose result: policy result: (fail) from rule (-all)
RFC2822 header: Received-SPF: fail (fdn: domain of
test(_at_)mail(_dot_)fdn(_dot_)com
does not designate 216.199.46.17 as permitted sender) receiver=fdn;
client_ip=216.199.46.17; envelope-from=test(_at_)mail(_dot_)fdn(_dot_)com;
PHP spf1_parser says:
Received-SPF: pass (match ptr)
Does SPF perform a forward and reverse check or just a reverse check?