Apparently I did not get the subtle hints from Wayne that he had some
trouble with the load on his trusted-forwarder domain, and that caused
my mail troubles today.
I used to used trusted-forwarder in my local policy, but to minimize DNS
traffic and maximize responsiveness of my MTA, I had been doing zone
transfers, and used my local DNS server as a slave.
Today, as the zone expired due to failure to contact the master zone
server for a week, the trusted-forwarder domain just disapeared.
This left my local policy resolving to "TempFail", and caused all
incoming mail to not be accepted.
I am only pointing this out in case you also use this service with zone
trasfers.
It would have been nice if the move was more prominently announced, on
the spf lists.
But I guess Wayne has been fighting to get up to speed on recent SPF
history, so this could be excusable.
However, this is one more experience item that we (I) did not have until
today. Say what you will, but to me SPF is still an experiment. We'll
just have to agree to disagree on this one. :)
Remember to check your configurations to ensure a smooth transition to
the new trusted-forwarder location, if it still exists.
Regards,
Radu.