spf-discuss

Re: [spf-discuss] Re: PermError: Too many DNS lookups at Microsoft.com

2006-05-07 10:59:37
On 05/07/2006 12:26, Hector Santos wrote:

> We will have to agree to disagree ...
>
> Do the docs say anything like so?
>
>     "SPF operators MUST construct SPF records that do not violate
>      a 10 DNS Lookup limit."

No, but equivalently there is no section of the document that says this is the 
only part you have to read if you are constructing records.  I think a 
separate tutorial on SPF record construction is needed and that this kind of 
discussion needs to be in it.

...

> Also, do any of the SPF record Wizards check and limit the DNS lookup
> construct based on what the operator defines?

Yes.  Mine does and has since July of 2005.  Put microsoft.com into the first 
test and its record fails to validate.  That is, in fact, how this came up.  
Someone who did that e-mailed me offlist to see if that was correct.

...

> Unless you want to come here and answer some phone calls when they begin to
> call about "Hey, why is this happening now?"  I'm not going to break our
> classic SPF setup for my customers.

What Stuart and I did with the pySPF library was have different levels of 
strictness.  

 - Relaxed - Extends some limits such as the ten lookup limit beyond what the 
standard calls for.  Tries to work through certain classes of errors.  Stuart 
uses this in production.

 - Strict - Does EXACTLY what the RFC calls for.  Provides a standards 
compliant mode of operation.

 - Harsh - Is extremely paranoid about any possible error source (for example 
if both TXT records and type SPF (99) records exist it compares them).  It 
will raise an error on anything and also raises warnings for common mistakes 
(not syntax errors, but almost certainly not what was intended).  I use this 
in the validator.

I recall that Craig Whitmore did a survey of all of .com for errors and 
violating processing limits didn't seem to be a major factor, but I don't 
know which version of the processing limits his checker was using.  I think 
it was the old one.  It would be interesting to see how this list would 
change if it were re-run:

http://www.spam.co.nz/spf/broken/

Scott K
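
The ten-lookup limit and the strict/relaxed split discussed in this message, as an added example that is not part of the original post and is not pySPF code. The zone contents, the `count_lookups` helper and the `RELAXED_LIMIT` value are assumptions made for illustration.

```python
import re

# Added illustration, not pySPF code. Domains and records are constructed.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}  # each costs a DNS query
STRICT_LIMIT = 10   # the ten-lookup limit discussed in the thread
RELAXED_LIMIT = 20  # hypothetical extended limit for a relaxed mode

# Constructed TXT "zone" standing in for live DNS.
ZONE = {
    "big.example": "v=spf1 mx a include:_a.big.example include:_b.big.example -all",
    "_a.big.example": "v=spf1 a:m1.big.example a:m2.big.example mx:big.example ptr -all",
    "_b.big.example": "v=spf1 exists:%{i}.l.big.example a:m3.big.example "
                      "a:m4.big.example redirect=_c.big.example",
    "_c.big.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "small.example": "v=spf1 ip4:198.51.100.0/24 mx -all",
}

class PermError(Exception):
    """Raised when a record cannot be evaluated within the given limit."""

def count_lookups(domain, limit=STRICT_LIMIT, zone=ZONE, _state=None):
    """Worst-case number of DNS-querying terms reachable from domain's record.

    Real evaluation stops at the first matching mechanism; a record checker
    has to assume no early match, so every term is walked.
    """
    state = _state if _state is not None else {"n": 0}
    record = zone.get(domain.lower(), "")
    if record.split()[:1] != ["v=spf1"]:
        raise PermError(f"no SPF record for {domain}")
    for term in record.split()[1:]:
        name, sep, arg = re.match(r"[-+~?]?([A-Za-z][A-Za-z0-9_.-]*)([:=/]?)(.*)", term).groups()
        name = name.lower()
        is_redirect = sep == "=" and name == "redirect"
        if not is_redirect and (sep == "=" or name not in LOOKUP_MECHANISMS):
            continue  # ip4, ip6, all, exp= and unknown modifiers cost nothing
        state["n"] += 1
        if state["n"] > limit:
            raise PermError(f"Too many DNS lookups (limit {limit})")
        if is_redirect or name == "include":
            count_lookups(arg, limit, zone, state)  # nested records share the budget
    return state["n"]
```

Because nested `include` and `redirect` targets draw on the same budget, a record that looks short at the top level can still exceed the limit once its includes are expanded.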
