spf-discuss

Re: [spf-discuss] Should double quotations in TXT get ignored?

2008-03-31 10:34:20
On Mon, 31 Mar 2008, Stephan Seitz wrote:

> Recently, I found a few ISPs publishing their SPF records as
> IN    TXT     "\"v=spf1 .... \""      instead of
> IN    TXT     "v=spf1 .... "
>
> Currently our spf lib takes these records as invalid.
>
> My question is, should we silently ignore the double quotes?

Those are, in fact, invalid records.  The correct SPF result is None,
since there is no v=spf1 tag.  (It is '"v=spf1' instead.)

> How would you act?

I have various heuristics to extract a "best guess" result from such
situations.  Just be careful not to report it as the actual SPF result.
I use an x-bestguess tag in Received-SPF, for example:

2008Mar31 13:14:02 [6010] Received-SPF: None (mail.bmsi.com: 218.83.154.18
        is neither permitted nor denied by domain of tastysoft.com)
        client-ip=218.83.154.18; envelope-from="pre-alert(_at_)tastysoft(_dot_)com";]
        helo=tastysoft.com; receiver=mail.bmsi.com; mechanism=a/24;
        x-bestguess=pass; identity=mailfrom

It might be worthwhile to remove the extra quotes to generate such
a bestguess result (for whitelisting and blacklisting by domain).  

However, if the admin is so clueless as to leave the SPF record with invalid
quotes, the policy contained is likely to reflect equal cluelessness.  So I
would not bother in this case (and just use the standard bestguess policy
of 'v=spf1 a/24 mx/24 ptr').  Unless you find that this kind of thing
is a typo that goes away in a few weeks for a given domain - then it would
be worthwhile to automate a best guess until it is fixed.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
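
The distinction drawn in the message above, as an added Python example that is not part of the original post or of the poster's library: record selection reports None for a TXT record whose data carries literal quotes, and a repaired candidate is returned separately for best-guess use only. The function names and the sample records are constructed for illustration.

```python
import re

# A record counts as SPF only if it begins with the version tag "v=spf1"
# terminated by a space or the end of the record (RFC 4408 / RFC 7208
# record selection). '"v=spf1 ...' therefore does not qualify.
_VERSION = re.compile(r'v=spf1(?: |\Z)', re.IGNORECASE)


def is_spf(record):
    return _VERSION.match(record) is not None


def classify(txt_rrset):
    """Select the SPF record from a TXT RRset.

    txt_rrset: list of TXT RRs, each a list of character-strings.
    Returns (result, record, bestguess_record):
      result           'found', 'none' or 'permerror' (the real outcome)
      record           the selected SPF record when result == 'found'
      bestguess_record a record repaired by stripping literal quotes, or None;
                       for local heuristics only, never the SPF result
    """
    # The character-strings of one RR are concatenated without separators.
    records = [''.join(rr) for rr in txt_rrset]
    spf = [r for r in records if is_spf(r)]
    if len(spf) == 1:
        return 'found', spf[0], None
    if len(spf) > 1:
        return 'permerror', None, None

    # No valid record: the result stays 'none'. Look for the quoting mistake
    # described in the thread so a separate best guess can be evaluated.
    for r in records:
        s = r.strip()
        if len(s) >= 2 and s[0] == '"' and s[-1] == '"':
            candidate = s[1:-1].strip()
            if is_spf(candidate):
                return 'none', None, candidate
    return 'none', None, None


if __name__ == '__main__':
    # Constructed sample: TXT data that contains the quotes themselves.
    broken = [['"v=spf1 ip4:192.0.2.0/24 -all"']]
    print(classify(broken))
```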
