Ok, cool. thanks Tim, that answers where to point the finger now. Tim do you mind sharing how you tested that? What tool did you use? Is there a vwu admin on list who would like to comment? Can you fix your spf record so it doesn't cause more than 10 recursive look ups or should I just not bother with spf? D On 10/09/2012 1:07 p.m., Tim Price wrote:
The recursive lookups in that SFP record come to 14 according to my checking.
vuw.ac.nz IN TXT v=spf1 ip4:130.195.81.0/24 ip4:130.195.86.0/24 ip4:202.36.141.0/24 ip4:216.235.196.0/22 ip4:216.235.200.0/21 include:mcs.vuw.ac.nz include:mailprimer.com include:_spf.learningsourceapp.com include:spf.messaging.microsoft.com ~all
·include:mcs.vuw.ac.nz
omx
·include:mailprimer.com
oinclude:mailprimer.net.nz
§include:mailprimer.co.nz
§include:mailprimer.com
·include:mailprimer.net.nz (loop?)
·include:_spf.learningsourceapp.com
oinclude:sendgrid.net
§include:sendgrid.biz
·include:spf.messaging.microsoft.com
oinclude:spfa.frontbridge.com
oinclude:spfb.frontbridge.com
oinclude:spfc.frontbridge.com
*From:*nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] *On Behalf Of *Scott Howard *Sent:* Monday, September 10, 2012 12:52 PM *To:* Don Gould *Cc:* nznog *Subject:* Re: [nznog] Vic Uni Mail Admin about? SPF rec issue...
On Sun, Sep 9, 2012 at 5:44 PM, Don Gould
mailto:don(a)bowenvale.co.nz> wrote: 2. Should I be doing something to change my config or do others feel that the vuw spf record is to wide?
From http://tools.ietf.org/html/rfc4408#section-10.1 :
/ SPF implementations MUST limit the number of mechanisms and modifiers that do DNS lookups to at most 10 per SPF check, including any lookups caused by the use of the "include" mechanism or the "redirect" modifier. If this number is exceeded during a check, a PermError MUST be returned. The "include", "a", "mx", "ptr", and "exists" mechanisms as well as the "redirect" modifier do count against this limit. The "all", "ip4", and "ip6" mechanisms do not require DNS lookups and therefore do not count against this limit. The "exp" modifier does not count against this limit because the DNS lookup to fetch the explanation string occurs after the SPF record has been evaluated. /
Scott
-- Don Gould 31 Acheson Ave Mairehau Christchurch, New Zealand Ph: + 64 3 348 7235 Mobile: + 64 21 114 0699