spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] spf fail

2006-01-09 12:19:54
from [Chibra Iheakaram] [Permanent Link] 
Thanks everyone for your inputs.

Chibra I
----- Original Message ----- From: "wayne" <wayne(_at_)schlitt(_dot_)net> 
To: "SPF discussions" <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Monday, January 09, 2006 2:12 PM
Subject: Re: [spf-discuss] spf fail
In <17346(_dot_)37424(_dot_)483577(_dot_)991885(_at_)saint(_dot_)heaven(_dot_)net> "Dick St.Peters" <stpeters(_at_)NetHeaven(_dot_)com> writes: 


The SPF record for sovereignbank.com is
"v=spf1 mx ptr include:britemoon.com include:bigfish.com include:frontbridge.com ~all" 

A query for the included bigfish.com record using the usual UDP
returns a truncated response because bigfish.com has long SPF records
and many nameservers.  "host" and "dig" will revert to TCP, but spf
checkers may simply error out.  (I do not know that will happen, I'm
just offering it as a possibility someone may want to check.)


According to the spec, it is ok for an SPF implementation to drop
records that require DNS over TCP.  This wasn't really a design
choice, but rather it is more of an acknowledgement that there are
firewalls and resolvers out there that can't deal with falling back to
TCP.  If the SPF records are dropped, then the include:bigfish.com
mechanism should trigger a PermError.

I can't see any way that this lookup could cause a Fail, *if* the SPF
implementation is following the spec.


It would be best to contact bigfish and get them to either remove the
completely bogus "v=spf2.0/pra" record (it isn't even a valid SenderID
record), or to break up the record with via a series of includes,
similar to what hotmail.com had to do.


-wayne

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com 



-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] spf fail, Chibra Iheakaram
Next by Date:  Re: [spf-discuss] spf fail, Dick St.Peters
Previous by Thread:  Re: [spf-discuss] spf fail, Chibra Iheakaram
Next by Thread:  Re: [spf-discuss] spf fail, Dick St.Peters
Indexes:  [Date] [Thread] [Top] [All Lists]