Our record has a ~all at the end of it, as per the wizard. But I am seeing
more and more reference to -all. Is this correct or is this something that I
need to fix.
stuart(_at_)bmsi(_dot_)com 3/15/2005 10:49:44 AM >>>
On Tue, 15 Mar 2005, Slava Madrit wrote:
I was hoping someone can give me some help here. We have had our SPF record
for salans.com setup for some time and have not had any issues. Suddenly,
yesterday we got rejections from 2 separate domains. I used the checker on
pobox and it said the message should have been accepted since all of the SPF
info was correct. So what is the problem and how do I send to these people
now, since they claim that the problem is on our end. The checker message is
below. Any help would be greatly appreciated.
==================================================
server152-han.de-nserver.de rejected a message claiming to be from
smadrit(_at_)salans(_dot_)com(_dot_)
server152-han.de-nserver.de saw a message coming from the IP address
212.67.88.227 which is mail-cz.salans.com; the sender claimed to be
smadrit(_at_)salans(_dot_)com(_dot_)
I get PASS for that data also. I am assuming that your HELO name is
mail-cz.salans.com. Bad HELO name is a common problem.
There seems to be a problem with their checker. I suggest creating
a subdomain - or just using mail-cz.salans.com - with which to send
them email about the problem. The subdomain can have no SPF record
(like mail-cz.salans.com), or an even simpler one (like "v=spf1 a").
Many SPF implementations have problems with the PTR mechanism.
Your domain fails the MX mechanism, and only passes because of PTR.
Actually, I suggest that mail-cz.salans.com have an spf record
of "v=spf1 a". This ought to be redundant, since it was required
by rfc2821 before SPF was invented. But so many clueless admins don't
comply with 2821, that it is necessary to tolerate bogus HELO domains
until compliance is explicitly published via SPF.
BTW, another possibility is that de-nserver.de is not checking SPF,
but has rolled their own IP address checking heuristic which does
not depend on published policy (a key feature of SPF) and goes
wrong with your setup. Their rejection message does not mention SPF,
and their message seems to imply that they expect all senders to have
a policy equivalent to "v=spf1 a -all".
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Read the whitepaper! http://spf.pobox.com/whitepaper.pdf
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
_________________________________________________________
The information transmitted is intended only for the person or
entity to which it is addressed and may contain confidential and/or
privileged material. Any review, retransmission, dissemination
or other use of, or taking of any action in reliance upon, this
information by persons or entities other than the intended recipient
is prohibited. If you received this transmission in error, please
contact the sender by reply e-mail or by telephone (+1(212)632-5500)
and delete and destroy all copies of the material, including all
copies stored in the recipient's computer, printed or saved to disk.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Read the whitepaper! http://spf.pobox.com/whitepaper.pdf
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com