spf-discuss

Re: Broken SPF Records Update

2005-08-02 18:23:09
On Wed, 3 Aug 2005, Alex van den Bogaerdt wrote:

domainsite.com._spf.name.com        SPF "v=spf1 mx:domainsite.com ... -all"
name.com    SPF "v=spf1 mx ... include:domainsite.com._spf.name.com -all"

I think my solution is much more elegant and workable.

Have you read the entire thread?

I didn't recognize at first that the problem was two SPF domains 
including each other (for a potential infinite loop).  I thought the
problem was an SPF domain including a non-SPF domain.

BTW, is an infinite include loop a PermError before it is evaluated?

Consider this SPF pair:

a.com   SPF "v=spf1 a mx include:b.com"
b.com   SPF "v=spf1 a mx include:a.com"

In my SPF implementation, this will pass if the IP matches
any A or MX records for either a.com or b.com.  Otherwise, it
results in PermError (infinite recursion).  Since the PermError
is detected immediately upon seeing the second include, it is
efficient.

I could see this being intentional.

Now, consider this record:

example.com     SPF "v=spf1 a mx include"

Currently, my implementation immediately gives PermError for the trivial
recursion.  BUT, suppose the publisher intended that
the record pass if IP matches A or MX, otherwise result in PermError
(causing the mail to be rejected)?

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
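
The include-loop behaviour described in the message above, as an added example that is not part of the original post and is not the poster's implementation. The in-memory zone, the addresses, the selfref.example record and the function names are all constructed for illustration; the a.com/b.com policies are the pair quoted in the message.

```python
# Constructed zone data standing in for DNS (addresses are documentation ranges).
# Simplification: "mx" holds the mail exchangers' addresses directly.
ZONE = {
    "a.com": {"spf": "v=spf1 a mx include:b.com",
              "a": ["192.0.2.1"], "mx": ["192.0.2.2"]},
    "b.com": {"spf": "v=spf1 a mx include:a.com",
              "a": ["198.51.100.1"], "mx": ["198.51.100.2"]},
    # Hypothetical record that includes its own domain (trivial recursion).
    "selfref.example": {"spf": "v=spf1 a mx include:selfref.example",
                        "a": ["203.0.113.1"], "mx": ["203.0.113.2"]},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


class PermError(Exception):
    """Permanent policy error: bad syntax, missing include target, or a loop."""


def evaluate(ip, domain, active=()):
    """Evaluate domain's record left to right; active is the chain of includes."""
    if domain in active:
        # Domain is already being evaluated further up the chain: stop at once.
        raise PermError("include loop: " + " -> ".join(active + (domain,)))
    entry = ZONE.get(domain)
    if entry is None:
        if active:
            raise PermError("included domain has no SPF record: " + domain)
        return "none"
    for term in entry["spf"].split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        if name == "all":
            matched = True
        elif name in ("a", "mx"):
            matched = ip in ZONE.get(arg or domain, {}).get(name, [])
        elif name == "include" and arg:
            # An include matches only when the included policy returns pass.
            matched = evaluate(ip, arg, active + (domain,)) == "pass"
        else:
            raise PermError("bad term: " + term)
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def check_host(ip, domain):
    """Top-level entry point: map PermError to the 'permerror' result string."""
    try:
        return evaluate(ip, domain)
    except PermError:
        return "permerror"
```

Because mechanisms are evaluated left to right, the loop is only reached when no earlier a or mx mechanism in either record has matched, which is why the same policy can yield pass for some addresses and permerror for all others.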

