spf-discuss
[Top] [All Lists]

Re: [spf-discuss] PermError: Too many DNS lookups at Microsoft.com

2006-05-06 11:20:47
On 05/06/2006 14:10, Hector Santos wrote:

Unless I got the meaning of the SPF recursive limit wrong, this should not
fail with a PermError.   This is not a recursive SPF record.  Right?


Hector,

I think you are still using the old (pre-MARID/2004) recursion limits.  The 
current approach is a little different:

   SPF implementations MUST limit the number of mechanisms and modifiers
   that do DNS lookups to at most 10 per SPF check, including any
   lookups caused by the use of the "include" mechanism or the
   "redirect" modifier.  If this number is exceeded during a check, a
   PermError MUST be returned.  The "include", "a", "mx", "ptr", and
   "exists" mechanisms as well as the "redirect" modifier do count
   against this limit.  The "all", "ip4", and "ip6" mechanisms do not
   require DNS lookups and therefore do not count against this limit.
   The "exp" modifier does not count against this limit because the DNS
   lookup to fetch the explanation string occurs after the SPF record
   has been evaluated.

   When evaluating the "mx" and "ptr" mechanisms, or the %{p} macro,
   there MUST be a limit of no more than 10 MX or PTR RRs looked up and
   checked.

So, yes, there should be a permerror there as when you count up the include, 
a, and mx mechanisms, you get at least 11.  They are close, but outside the 
bounds of the MUST in the first paragraph quoted above.

Scott K

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

<Prev in Thread] Current Thread [Next in Thread>