Well, last week I noticed that GoDaddy fixed their own SPF record. I
have no idea if this is because I sent a message to them, or if it is
due to MSN/Hotmail. But, anyway, I checked out their SPF wizard
again, and filed the following bug report with them.
Discussion Thread
---------------------------------------------------------------
Customer - 06/26/2005 06:05 PM
Name: wayne schlitt
Email: wayne(_at_)schlitt(_dot_)net
Phone #: 402 450-1515
Domain: unified-spf.com
Customer #: wrs1864
Last 4 of CC#: (not given)
Reseller Id: GoDaddy
Reseller: GoDaddy.com
Product: Total DNS Control
Question:
Hi again.
On 11/30/2004, I reported a bunch of bugs with your SPF wizard.
Sadly, it appears that they still need to be fixed.
I am the current editor of the SPF specification (see
http://www.ietf.org/internet-drafts/draft-schlitt-spf-classic-02.txt )
and the current maintainer of the SPF test suite (see
http://www.schlitt.net/spf/ ) and the co-author of the
http://libspf2.org SPF implementation. I would really like to work
with you to get your SPF wizard working well, so please feel free to
contact me about any questions you may have.
The things that I notice right off the bat are:
* On the first page of the wizard, you say "The Microsoft Sender ID
Framework (formerly known as SPF) is an industry standard created to
..". This is not quite correct. SPF has not been renamed or replaced
. by Sender ID. Sender ID builds on SPF, but it does slightly
different things than SPF. Currently, SPF checking is done by far
more mail systems than Sender ID and I think this will continue for a
very long time.
* Your wizard creates a TXT record that starts with "v=spf2.0/pra".
This is incorrect for all versions of SPF and Sender ID. What you
want is "v=spf1", or if you want to exclude SPF checking, you can
generate "spf2.0/pra,mfrom". I highly recommend generating "v=spf1".
* When you enter IP addresses into the "outbound mail servers" box, it
generates "a:" mechanisms instead of "ip4" or "ip6:" mechanisms. For
example, if I enter "67.52.51.37", I get an SPF record that says
"a:67.52.51.37" instead of "ip4:67.52.51.37". The "a:" mechanism does
an A record lookup on a hostname and since "67.52.51.37" is not a
valid hostname, RFC conformant SPF checkers will return a syntax
error. (The folks who run the root name servers don't want queries
for top level domains of "37" for hosts of "67.52.51.37".)
The "a:" mechanism *is* what you want to do when people enter a
hostname, such as mail.schlitt.net.
* If you enter more than one outbound mail server, your wizard does
not strip off the NL character, thus generating mechanisms such as
"a:\010mail.schlitt.net" instead of "a:mail.schlitt.net". (Dec 10 is
the newline character.)
* personally, I would discourage the use of the "ptr:" mechanism. It
is useful in some cases, but it requires the control of the reverse
DNS name and it isn't as reliable in the face of DNS errors.
* I think you should give explicit options to generate the "-all",
"~all" and "?all" endings.
I would highly recommend you review the SPF wizard at
http://spf.pobox.com/wizard.html. This wizard was created by Meng
Wong, one of the founders of the SPF project, and is the best and most
complete SPF wizard that I know of. I suspect that, if asked, Meng
would be willing to let you use any portions of this wizard that you
want and can provide you with the perl code that runs it.
Again, I really appreciate your support of SPF and I hope that we can
get your SPF wizard working correctly as soon as possible.
Question Reference #050626-001082
---------------------------------------------------------------
Contact Information: wayne(_at_)schlitt(_dot_)net
Date Created: 06/26/2005 06:05 PM
Last Updated: 06/26/2005 06:05 PM
Status: Unresolved
Shopper ID:
Cust. Pref. Contact:
Customer Phone: