An ISP in singapore has published SPF records. They try to send mail
from one of their MTAs: velum.qala.com.sg
velum.qala.com.sg text "v=spf1 redirect=_spf.qala.com.sg"
_spf.qala.com.sg text "v=spf1 a -all exp=spfexp.qalacom.com"
This gets SPF FAIL for any IP - because there is no A record
for _spf.qala.com.sg.
The problem revolves around the default domain used for an A mechanism
with no argument. I'm looking at draft-lentczner-spf-00, and it says
that redirect sets <domain> to the new fqn, and leaves <sender> the same.
I says that <domain-spec> defaults to <domain>. The qala.com.sg
domain is apparently expecting it to default to the domain part of <sender>,
i.e. %{o}.
Is there another draft where <domain-spec> defaults to %{o}? Or does this
ISP have a problem? Or do I have a problem in my SPF checker? Or are
there dueling defaults?
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.