spf-discuss

RE: Update on Broken SPF Records

2005-08-14 13:22:33
-----Original Message-----
From: Herb Martin [mailto:HerbM(_at_)learnquick(_dot_)com]
Sent: Sunday, August 14, 2005 11:42 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Update on Broken SPF Records


Scott K >
MX counts as one.  All that counts are the mechanisms that
are listed in your record or the ones you include: or redirect=.

So, MX counts, but turning the results into an A
record does not?  (Weird.)

See the internet draft for details:

http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-02.html#anchor31

or

http://tinyurl.com/7oapg

I took a quick look at your record.  I expect it can be
simplified and am willing to help you with that.  Don't give
up yet.

I would appreciate such help -- I had a difficult
time getting a record that would never leave out
a legitimate source.

My intention was always to terminate with -all.

It's wimpy to softfail (etc.) the SPF record.

BTW, I don't currently see an SPF record at
spf.learnquick.com.  That will be a problem.

nslookup -q=txt spf.learnquick.com 68.178.144.167
returns it - and that address is the Primary DNS for
LearnQuick.Com.

I see it now.  I was using a web based Dig tool from my smartphone earlier
when I looked, so who knows...

My original intention was to transfer the entire SPF
record from LearnQuick.Com -> spf.LearnQuick.Com but
I delayed that due to testing and other issues.

(E.g., it will add a lookup to EVERY other possible
SPF resolution.)

Yes and unless you have other TXT records for some reason there's no
advantage to doing this.

My initial focus on the validator was to make sure only
compliant records would pass.  I agree it's not an ideal
troubleshooting tool.  I intend to make it better.

The tool is fine but if it is the closest thing to an
official tool THEN it needs more debug information.

Agreed.

I went through a lot of trouble to check my records against
every (working) validator mentioned on spf.pobox.com and
finally passed all I could find.

Where is this "10 lookup limit" documented? Especially the
rules for counting it...?

As mentioned above, http://tinyurl.com/7oapg.

As to simplification, there are a couple of "safety"
mechanisms in there, but this protected me recently from
my ISPs change without notice, e.g., :

      Specific IP4: records AND the ptr for the server zone:

        ip4:64.202.167.111 ip4:64.202.189.88/30"
       ptr:prod.mesa1.secureserver.net

They should be redundant, but for losing mail redundancy
is a "good thing."

Redundancy is OK if you can afford it.  PTR in general is expensive, risky,
and hard to get right.  To be avoided if at all possible.

The ak.learnquick.com record is temporary, due to a private
mailing list which doesn't re-write the message correctly,
AND that customer dropping an SPF failure.  So my choice
is to (potentially) be blocked from participating with this
customer or have the extra mechanism.

I understand how that works...

Scott K
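
The counting rule discussed in this message, as an added example (not code from the thread or from any validator it mentions): a static count of lookup-causing terms, followed through include: and redirect=. The example.* records are constructed; the counted set (include, a, mx, ptr, exists, redirect=) is taken from the SPF specification, and the result is an upper bound, since a real evaluation stops at the first match.

```python
# Constructed sample zone: domain -> SPF TXT record (not real published records).
ZONE = {
    "example.com": "v=spf1 mx a:mail.example.com ip4:192.0.2.0/24 "
                   "ptr:example.net include:_spf.example.net -all",
    "_spf.example.net": "v=spf1 ip4:198.51.100.0/24 include:bulk.example.org ~all",
    "bulk.example.org": "v=spf1 exists:%{i}.allow.example.org mx -all",
    "moved.example.com": "v=spf1 redirect=example.com",
    "heavy.example.com": "v=spf1 a mx ptr include:example.com "
                         "include:_spf.example.net -all",
    "loop.example.com": "v=spf1 include:loop.example.com -all",
}

# Terms that cost a DNS lookup; ip4, ip6 and all cost nothing.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
LIMIT = 10


def count_lookups(domain, zone=ZONE, seen=frozenset()):
    """Count lookup-causing terms reachable from domain's SPF record."""
    if domain in seen:
        raise ValueError(f"include/redirect loop at {domain}")
    seen = seen | {domain}  # per-path, so a domain included twice counts twice
    record = zone.get(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        raise LookupError(f"no SPF record for {domain}")
    total = 0
    for term in record.split()[1:]:
        term = term.lstrip("+-~?")  # drop the qualifier
        if term.lower().startswith("redirect="):
            total += 1 + count_lookups(term.split("=", 1)[1], zone, seen)
            continue
        name, _, arg = term.partition(":")
        name = name.split("/")[0].lower()  # "mx/24" -> "mx"
        if name in LOOKUP_MECHANISMS:
            # mx counts once; resolving the MX targets to addresses
            # is not charged against this limit.
            total += 1
            if name == "include":
                total += count_lookups(arg, zone, seen)
    return total


def exceeds_limit(domain, zone=ZONE):
    return count_lookups(domain, zone) > LIMIT
```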

