[spf-discuss] Problem with check-auth(_at_)verifier(_dot_)port25(_dot_)com

2007-01-06 21:08:08
Hello,
        After about 9 months I am re-visiting SPF.  I was attempting to
check my SPF record and sent a test email to
check-auth(_at_)verifier(_dot_)port25(_dot_)com.
The results are at the end of this email.  It seems there is a bug.  It is
not finding my SPF record correctly.  Here is my TXT info from DNS:

                        txt     ("line1"
                                "line2"
                                "line3"
                                "line4"
                                "line5"
                                "Line n")
; + pass
; ? neutral
; ~ soft fail
; - fail
                        TXT     ("v=spf1 mx "
                                "ip4:63.240.76.26 "
                                "ip4:204.127.192.0/25 "
                                "ip4:204.127.198.26 "
                                "ip4:204.127.198.35 "
                                "ip4:204.127.198.39 "
                                "ip4:204.127.200.0/25 "
                                "ip4:204.127.202.26 "
                                "ip4:204.127.202.55 "
                                "ip4:204.127.202.56 "
                                "ip4:204.127.202.64 "
                                "ip4:204.127.225.94 "
                                "ip4:206.18.177.0/25 "
                                "ip4:216.148.227/24 "
                                "+exists:%{i}._.%{h}._.%{s}._.%{r}.spf-tracker.watkins-home.com "
                                "?all")

;                               "include:comcast.net "

# dig +short txt watkins-home.com
;; Truncated, retrying in TCP mode.
"v=spf1 mx " "ip4:63.240.76.26 " "ip4:204.127.192.0/25 " "ip4:204.127.198.26 " "ip4:204.127.198.35 " "ip4:204.127.198.39 " "ip4:204.127.200.0/25 " "ip4:204.127.202.26 " "ip4:204.127.202.55 " "ip4:204.127.202.56 " "ip4:204.127.202.64 " "ip4:204.127.225.94 " "ip4:206.18.177.0/25 " "ip4:216.148.227/24 " "+exists:%{i}._.%{h}._.%{s}._.%{r}.spf-tracker.watkins-home.com " "?all"
"line1" "line2" "line3" "line4" "line5" "Line n"

There are 2 problems.
1. It should have ignored the line1 record.  After all, TXT records are not
for exclusive use by SPF.

2. It should have joined the sub-strings.

At least that is my understanding.  I find using the sub-strings makes it
easier to read and maintain.  I know my "+exists" entry is wrong, but that
is unrelated (I hope).

Also, the list of "ip4" entries is for Comcast.net, my ISP.  It looks like
they have changed most of their IP addresses.  I find new IP addresses with
almost every SPF email test I send.  And it seems Comcast.net knows almost
nothing about SPF.  But this is another thread I guess.

Also, I know about ";; Truncated, retrying in TCP mode.".  I am working to
make my TXT info smaller with /24 and such.

Anyway, let me know if this is really a bug or just my error.

Thanks,
Guy


==========================================================
Summary of Results
==========================================================

mail-from check:   softfail
PRA check:         softfail
DomainKeys check:  neutral (message not signed)

==========================================================
Details:
==========================================================

Note: currently some of this information is obtained separately from
the verification process, and as such there is no hard guarantee that
it is the data used during verification.  A future version providing
that guarantee is planned.


HELO hostname:  sccrmhc14.comcast.net
Source IP:      63.240.77.84
mail-from:      spf(_at_)watkins-home(_dot_)com

----------------------------------------------------------
mail-from check details:
----------------------------------------------------------
Result:   softfail
Address:  spf(_at_)watkins-home(_dot_)com
Header:   verifier.port25.com smtp(_dot_)mail=spf(_at_)watkins-home(_dot_)com; mfrom=softfail;

SPF TXT record/s:
line1
v=spf1 mx 

----------------------------------------------------------
PRA check details:
----------------------------------------------------------
Result:   softfail
Address:  spf(_at_)watkins-home(_dot_)com
Header:   verifier.port25.com header(_dot_)from=spf(_at_)watkins-home(_dot_)com; pra=softfail;

PRA TXT record/s:
v=spf1 mx 
line1

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:   neutral (message not signed)
Address:  spf(_at_)watkins-home(_dot_)com
Header:   verifier.port25.com header(_dot_)from=spf(_at_)watkins-home(_dot_)com; domainkeys=neutral (message not signed);

Domain Key TXT record:


==========================================================
Original Email
==========================================================

Return-Path: <spf(_at_)watkins-home(_dot_)com>
Received: from sccrmhc14.comcast.net (63.240.77.84) by verifier.port25.com
        (PowerMTA(TM) v3.2r5t2) id hk1m160cm50a for
        <check-auth(_at_)verifier(_dot_)port25(_dot_)com>; Sat, 6 Jan 2007 22:42:11 -0500
        (envelope-from <spf(_at_)watkins-home(_dot_)com>)
Authentication-Results: verifier.port25.com
        smtp(_dot_)mail=spf(_at_)watkins-home(_dot_)com; mfrom=softfail;
Authentication-Results: verifier.port25.com
        header(_dot_)from=spf(_at_)watkins-home(_dot_)com; domainkeys=neutral (message not signed);
Authentication-Results: verifier.port25.com
        header(_dot_)from=spf(_at_)watkins-home(_dot_)com; pra=softfail;
Received: from www.watkins-home.com ([69.251.118.155])
          by comcast.net (sccrmhc14) with ESMTP
          id <200701070346160140044g76e>; Sun, 7 Jan 2007 03:46:16 +0000
Received: from m5 ([192.168.0.193])
        by www.watkins-home.com (8.11.6/8.11.6) with ESMTP id l073kFm26040
        for <check-auth(_at_)verifier(_dot_)port25(_dot_)com>; Sat, 6 Jan 2007 22:46:15 -0500
Message-Id: <200701070346(_dot_)l073kFm26040(_at_)www(_dot_)watkins-home(_dot_)com>
From: "Guy" <spf(_at_)watkins-home(_dot_)com>
To: <check-auth(_at_)verifier(_dot_)port25(_dot_)com>
Subject: test-spf
Date: Sat, 6 Jan 2007 22:46:10 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_085F_01C731E4.793242B0"
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
Thread-Index: AccyDl7WvW6oC60lRzaZP2kwzXMt8A==

This is a multi-part message in MIME format.

------=_NextPart_000_085F_01C731E4.793242B0
Content-Type: text/plain;
        charset="us-ascii"
Content-Transfer-Encoding: 7bit

 


------=_NextPart_000_085F_01C731E4.793242B0--



==========================================================
Explanation of the possible results (adapted from draft-kucherawy-sender-auth-header-02.txt):
==========================================================

"pass"
        the sending domain publishes the given authentication policy
        and the message passed the authentication tests.

"fail"
        the sending domain publishes the given authentication policy
        and the message failed the authentication tests.

"softfail"
        the sending domain publishes an authentication policy which doesn't
        require authentication of all messages from that domain, and the
        message failed the authentication tests.  Please note that a
        SPF/Sender-Id status of "neutral" also results in "softfail".

"neutral"
        sending domain does not publish any sender authentication policy.

"temperror"
        a temporary (recoverable) error occurred attempting to authenticate
        the sender; either the process couldn't be completed locally because
        of some transient condition, or there was a temporary failure
        retrieving the sending domain's policy; a later attempt to
        re-authenticate this message might produce a more final result.

"permerror"
        a permanent (unrecoverable) error occurred attempting to
        authenticate the sender; either the process couldn't be completed
        locally, or there was a permanent failure retrieving the sending.
        domain's policy
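
The two points raised in the message above (skip TXT records that are not SPF, and join a record's sub-strings) correspond to RFC 4408 sections 4.5 and 3.1.3. The following is an added example, not part of the original post and not port25's code: it parses `dig +short` output abridged from the post, shows a first-string-only reading that yields the same two values the report lists, and then the join-then-select reading. The function names are hypothetical.

```python
import re

# Abridged from the dig output in the post: one TXT record per line,
# each record made of several quoted character-strings.
DIG_SHORT = (
    '"v=spf1 mx " "ip4:63.240.76.26 " "ip4:204.127.192.0/25 " "?all"\n'
    '"line1" "line2" "line3" "line4" "line5" "Line n"\n'
)

# One quoted character-string as printed by dig (backslash escapes kept as-is).
_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')


def parse_dig_short(text):
    """Return one list of character-strings per TXT record line."""
    records = []
    for line in text.splitlines():
        strings = _STRING.findall(line)
        if strings:
            records.append(strings)
    return records


def first_string_only(records):
    """Faulty reading: keep only the first character-string of each record."""
    return [strings[0] for strings in records]


def select_spf(records):
    """Join each record's strings with no separator, then keep v=spf1 records.

    Returns ("none", None) when no SPF record is published, ("permerror", None)
    when more than one is, otherwise ("ok", "<joined record>").
    """
    joined = ["".join(strings) for strings in records]
    spf = [r for r in joined
           if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if not spf:
        return ("none", None)
    if len(spf) > 1:
        return ("permerror", None)
    return ("ok", spf[0])


if __name__ == "__main__":
    recs = parse_dig_short(DIG_SHORT)
    print(first_string_only(recs))
    print(select_spf(recs))
```

The version match is on the exact token `v=spf1`, so a record such as `v=spf10 ...` is discarded, and the sub-strings are joined before the match so a record split inside the version token is still recognised.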

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/