Lots of ‘dig’-ing ;)

 

From: nznog-bounces@list.waikato.ac.nz [mailto:nznog-bounces@list.waikato.ac.nz] On Behalf Of Don Gould
Sent: Monday, September 10, 2012 1:11 PM
To: Tim Price
Cc: 'nznog'
Subject: Re: [nznog] Vic Uni Mail Admin about? SPF rec issue...

 

Ok, cool. thanks Tim, that answers where to point the finger now.

Tim do you mind sharing how you tested that?  What tool did you use?

Is there a vwu admin on list who would like to comment?  Can you fix your spf record so it doesn't cause more than 10 recursive look ups or should I just not bother with spf?

D


On 10/09/2012 1:07 p.m., Tim Price wrote:

The recursive lookups in that SFP record come to 14 according to my checking.

 

vuw.ac.nz            IN           TXT         v=spf1 ip4:130.195.81.0/24 ip4:130.195.86.0/24 ip4:202.36.141.0/24 ip4:216.235.196.0/22 ip4:216.235.200.0/21 include:mcs.vuw.ac.nz include:mailprimer.com include:_spf.learningsourceapp.com include:spf.messaging.microsoft.com ~all

 

         include:mcs.vuw.ac.nz

o   mx

         include:mailprimer.com

o   include:mailprimer.net.nz

  include:mailprimer.co.nz

  include:mailprimer.com

         include:mailprimer.net.nz (loop?)

         include:_spf.learningsourceapp.com

o   include:sendgrid.net

  include:sendgrid.biz

         include:spf.messaging.microsoft.com

o   include:spfa.frontbridge.com

o   include:spfb.frontbridge.com

o   include:spfc.frontbridge.com

 

From: nznog-bounces@list.waikato.ac.nz [mailto:nznog-bounces@list.waikato.ac.nz] On Behalf Of Scott Howard
Sent: Monday, September 10, 2012 12:52 PM
To: Don Gould
Cc: nznog
Subject: Re: [nznog] Vic Uni Mail Admin about? SPF rec issue...

 

On Sun, Sep 9, 2012 at 5:44 PM, Don Gould <don@bowenvale.co.nz> wrote:

2.  Should I be doing something to change my config or do others feel that the vuw spf record is to wide?


From http://tools.ietf.org/html/rfc4408#section-10.1 :

   SPF implementations MUST limit the number of mechanisms and modifiers
   that do DNS lookups to at most 10 per SPF check, including any
   lookups caused by the use of the "include" mechanism or the
   "redirect" modifier.  If this number is exceeded during a check, a
   PermError MUST be returned.  The "include", "a", "mx", "ptr", and
   "exists" mechanisms as well as the "redirect" modifier do count
   against this limit.  The "all", "ip4", and "ip6" mechanisms do not
   require DNS lookups and therefore do not count against this limit.
   The "exp" modifier does not count against this limit because the DNS
   lookup to fetch the explanation string occurs after the SPF record
   has been evaluated.


  Scott




-- 
Don Gould
31 Acheson Ave
Mairehau
Christchurch, New Zealand
Ph: + 64 3 348 7235
Mobile: + 64 21 114 0699