My SPF implementation is returning TEMPFAIL: DNS timeout when evaluating
the best guess record "v=spf1 a/24 mx/24 ptr ?all" for STEGMAN.COM.
The reason is the following:

$ host -t mx stegman.com
stegman.com mail is handled by 10 pmail-baltimore.stegman.com.
stegman.com mail is handled by 20 mail2.pgnst.com.
$ host pmail-baltimore.stegman.com
pmail-baltimore.stegman.com has address 209.190.237.177
$ host mail2.pgnst.com
;; connection timed out; no servers could be reached

The connecting IP was from mx1.atlantech.net at 209.190.212.6, so it
doesn't match the first MX (or the A). Obviously, if this were a real
SPF record, the result would be correct. However, for a guessed record,
it seems to me that a DNS error should result in the mechanism
failing to match instead of a temporary error. Does any other implementation
do this? Is it a good idea?
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
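
The two behaviours the message compares, as an added example that is not part of the original post or of any SPF implementation: a best-guess evaluator run against a stub resolver, once propagating the DNS timeout and once treating it as a non-match. The stegman.com A record (192.0.2.10), the PTR answer and the `lenient` flag are assumptions made for illustration; the MX data and the connecting IP are the ones quoted above.

```python
import ipaddress

class DNSTimeout(Exception):
    """Raised by the stub resolver for names whose servers do not answer."""

# Constructed zone data: MX hosts and 209.190.237.177 are from the post; the
# stegman.com A record (192.0.2.10) and the PTR answer are assumed placeholders.
A = {"stegman.com": ["192.0.2.10"],
     "pmail-baltimore.stegman.com": ["209.190.237.177"],
     "mail2.pgnst.com": DNSTimeout,            # sentinel: lookup times out
     "mx1.atlantech.net": ["209.190.212.6"]}
MX = {"stegman.com": ["pmail-baltimore.stegman.com", "mail2.pgnst.com"]}
PTR = {"209.190.212.6": ["mx1.atlantech.net"]}

def lookup_a(name):
    answer = A.get(name, [])
    if answer is DNSTimeout:
        raise DNSTimeout(name)
    return answer

def in_net(ip, addrs, prefix):
    net_of = lambda a: ipaddress.ip_network(f"{a}/{prefix}", strict=False)
    return any(ipaddress.ip_address(ip) in net_of(a) for a in addrs)

def match(mech, ip, domain):
    name, _, prefix = mech.partition("/")
    prefix = int(prefix or 32)
    if name == "a":
        return in_net(ip, lookup_a(domain), prefix)
    if name == "mx":   # MX hosts are tried in order; a hit stops the lookups
        return any(in_net(ip, lookup_a(h), prefix) for h in MX.get(domain, []))
    if name == "ptr":  # keep only PTR names that resolve back to the client IP
        names = [n for n in PTR.get(ip, []) if ip in lookup_a(n)]
        return any(n == domain or n.endswith("." + domain) for n in names)
    raise ValueError(f"unsupported mechanism: {mech}")

def best_guess(ip, domain, record="v=spf1 a/24 mx/24 ptr ?all", lenient=False):
    """Evaluate the guessed record; lenient=True turns a DNS timeout into a
    non-match for that mechanism instead of a temporary error."""
    for term in record.split()[1:]:
        if term == "?all":
            return "neutral"
        try:
            if match(term, ip, domain):
                return "pass"
        except DNSTimeout:
            if not lenient:
                return "tempfail"   # the TEMPFAIL result described in the post
    return "neutral"                # no mechanism matched and no "all" term
```

With the lenient policy the connecting IP ends at `?all` and gets neutral, so a timeout can never turn a guessed record into a pass or a fail; a client inside the first MX's /24 still passes under either policy because the unreachable second MX is never queried.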