Chibra Iheakaram writes:
Here is the Received-SPF
Received-SPF: fail (gamwsm04.mwga.mailwatch.com: domain of
SBoudrea(_at_)sovereignbank(_dot_)com does not designate 12.129.219.97 as
permitted
sender) receiver=gamwsm04.mwga.mailwatch.com; client_ip=12.129.219.97;
envelope-from=SBoudrea(_at_)sovereignbank(_dot_)com;
Received: from outbound1-haw-R.bigfish.com (outbound-haw.frontbridge.com
[12.129.219.97])
The SPF record for sovereignbank.com is
"v=spf1 mx ptr include:britemoon.com include:bigfish.com
include:frontbridge.com ~all"
A query for the included bigfish.com record using the usual UDP
returns a truncated response because bigfish.com has long SPF records
and many nameservers. "host" and "dig" will revert to TCP, but spf
checkers may simply error out. (I do not know that will happen, I'm
just offering it as a possibility someone may want to check.)
Having an overabundance of nameservers is a easy way to shoot
yourself in the foot.
saint# dig txt bigfish.com
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.3.1 <<>> txt bigfish.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25626
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 8, ADDITIONAL: 8
;; QUESTION SECTION:
;bigfish.com. IN TXT
;; ANSWER SECTION:
bigfish.com. 3140 IN TXT "v=spf2.0/pra
ip4:12.129.199.61 ip4:206.16.192.253 ip4:216.148.222.61 ip4:63.161.60.0/25
ip4:213.206.137.197 ip4:217.117.146.230 ip4:12.129.219.152/29 ip4:62.209.45.166
ip4:12.129.219.97 ip4:12.129.219.126 ip4:207.45.163.10 -all"
bigfish.com. 3140 IN TXT "v=spf1
ip4:12.129.199.61 ip4:206.16.192.253 ip4:216.148.222.61 ip4:63.161.60.0/25
ip4:213.206.137.197 ip4:217.117.146.230 ip4:12.129.219.152/29 ip4:62.209.45.166
ip4:12.129.219.97 ip4:12.129.219.126 ip4:207.45.163.10 -all"
;; AUTHORITY SECTION:
bigfish.com. 1915 IN NS ns9-f.bigfish.com.
bigfish.com. 1915 IN NS ns10-f.bigfish.com.
bigfish.com. 1915 IN NS ns13-f.bigfish.com.
bigfish.com. 1915 IN NS ns14-f.bigfish.com.
bigfish.com. 1915 IN NS ns15-f.bigfish.com.
bigfish.com. 1915 IN NS ns5-f.bigfish.com.
bigfish.com. 1915 IN NS ns7-f.bigfish.com.
bigfish.com. 1915 IN NS ns8-f.bigfish.com.
;; ADDITIONAL SECTION:
ns5-f.bigfish.com. 1915 IN A 63.161.60.5
ns7-f.bigfish.com. 1919 IN A 63.161.60.37
ns8-f.bigfish.com. 1917 IN A 12.129.199.38
ns9-f.bigfish.com. 1919 IN A 216.148.222.38
ns10-f.bigfish.com. 1921 IN A 206.16.192.228
ns13-f.bigfish.com. 1915 IN A 213.206.137.201
ns14-f.bigfish.com. 1923 IN A 217.117.146.232
ns15-f.bigfish.com. 1923 IN A 62.209.45.168
;; Query time: 1 msec
;; SERVER: 198.69.28.2#53(198.69.28.2)
;; WHEN: Mon Jan 9 11:24:13 2006
;; MSG SIZE rcvd: 795
--
Dick St.Peters, stpeters(_at_)NetHeaven(_dot_)com
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com