spf-discuss

RE: Broken SPF Records Update

2005-08-02 05:58:56
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Craig 
Whitmore
Sent: Monday, August 01, 2005 8:19 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Broken SPF Records Update


2 days ago I sent ~450 emails to the contact SOA of all the
domains which have Broken SPF and a few things were interesting.
Only a few have replied/fixed them already.

- lots of domains' SOA records are broken and don't get to a human
or just bounce (Doh)
- a few people saying they have nothing to do with the domain (so
WHY do they put their email address in the SOA), so I told them to
check the RFC about SOAs
- people don't understand the "include" option

This is definitely supported by my experience on spf-help and with
submissions to the web site.

Some Replies back: (which I've answered back to them already, but
maybe others have any comments about these people's comments)

eloan.com:
Craig: just for the record, it is a mistake to believe that
including a domain that doesn't have an SPF record means that
your SPF record is broken. It just ain't true. We don't have any
New Zealand customers, so I'm not concerned anyway, but by
over-interpreting standards, you're actually hurting the internet,
not helping it. IMHO. :-)

There was a time when that might have been the case, but not any more:

http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-02.html#mech-include

This is one case where the mechanisms page on the web site:

http://spf.pobox.com/mechanisms.html#include

needs some urgent surgery that can't wait until the new web site is rolled
out.  I'll propose some text later today.

pacific.net:
I see we are in good company there on your list. Seems that a
common problem is that not all IPs are delegated in DNS to those
who use the IPs or have control over the DNS. We have users who
dial o1.com dialup lines, and get .o1.com IP addresses. We have no
control over o1.com's DNS. How should we handle this in our SPF
record? We have many users who send email from
user(_at_)pacific(_dot_)net originating from o1.com IPs.

They do seem to have changed their record to remove the include:

name.com:
I don't quite see how this is a bug. How does one define a mutual
trust between two hosts if this is not allowed? Domainsite.com and
name.com both trust each other to send mail from each others
network. If SPF does not allow this, then SPF is useless for what
we need to do.

Of course they can do this as others have pointed out, just not this way...

Scott K
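
The include behaviour discussed in this message, as an added example that is not part of the original post: a small Python evaluator for a subset of SPF (ip4, include, all) over constructed records, in which an include whose target publishes no SPF record produces PermError instead of being skipped. The domain names, the ZONE table and the function names are assumptions made for illustration, and the depth guard is a simplified stand-in for a real lookup limit.

```python
import ipaddress

# Constructed TXT data (not real records); None = the domain publishes no SPF record.
ZONE = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 include:partner.example -all",
    "partner.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "broken.example": "v=spf1 ip4:192.0.2.0/24 include:norecord.example -all",
    "norecord.example": None,
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

class PermError(Exception):
    """Raised when a record cannot be interpreted."""

def check_host(ip, domain, depth=0):
    """Evaluate ip4, include and all mechanisms left to right against ZONE."""
    if depth > 10:  # simplified guard so mutual includes cannot recurse forever
        raise PermError("too many nested includes")
    record = ZONE.get(domain)
    if record is None:
        return "none"
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("ip4:"):
            matched = ipaddress.ip_address(ip) in ipaddress.ip_network(mech[4:])
        elif mech.startswith("include:"):
            inner = check_host(ip, mech[8:], depth + 1)
            if inner == "none":
                # The case from the thread: the included domain has no record.
                raise PermError(f"include:{mech[8:]} has no SPF record")
            matched = inner == "pass"  # fail/softfail/neutral mean "no match"
        elif mech == "all":
            matched = True
        else:
            raise PermError(f"unsupported mechanism {mech!r}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"

def evaluate(ip, domain):
    """Return the final result string, mapping PermError to 'permerror'."""
    try:
        return check_host(ip, domain)
    except PermError:
        return "permerror"
```

Because mechanisms are evaluated left to right, the broken include only surfaces for mail that no earlier mechanism matches, which is why a publisher can miss it when testing from their own servers.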

