Hi Don,

Don't suppose you pinged an email to postmaster@vuw.ac.nz or perhaps tried one of the avenues listed at their 'contact us' page yet?

http://www.victoria.ac.nz/home/contact

Whilst there's a fair chance someone from the right dept is here, it'd seem appropriate to try to contact VUW directly, especially now that Scott and Tim have done the hard yards for you. ;-)  [1]

There's absolutely no reason why you shouldn't use SPF, and adhere to it, as long as you're prepared to deal with the odd occasion where the configurations that people have in place simply 'don't work'.  For example, I hope none of the people on your MTA accept mail via forwarding rules.

(I seem to see people who act in breach of their own published SPF rules from time to time; I don't see this problem going away in a hurry, to be honest, but it does have a good, useful effect for those who use it properly.)

Cheers
Mark.

[1] you may need to whitelist or temporarily disable SPF to exchange emails with them. Your call.


On 10/09/12 13:11, Don Gould wrote:
Ok, cool. Thanks Tim, that answers where to point the finger now.

Tim, do you mind sharing how you tested that? What tool did you use?

Is there a VUW admin on list who would like to comment? Can you fix your SPF record so it doesn't cause more than 10 recursive lookups, or should I just not bother with SPF?

D


On 10/09/2012 1:07 p.m., Tim Price wrote:

The recursive lookups in that SPF record come to 14 according to my checking.

vuw.ac.nz            IN           TXT         v=spf1 ip4:130.195.81.0/24 ip4:130.195.86.0/24 ip4:202.36.141.0/24 ip4:216.235.196.0/22 ip4:216.235.200.0/21 include:mcs.vuw.ac.nz include:mailprimer.com include:_spf.learningsourceapp.com include:spf.messaging.microsoft.com ~all

- include:mcs.vuw.ac.nz
    - mx
- include:mailprimer.com
    - include:mailprimer.net.nz
        - include:mailprimer.co.nz
        - include:mailprimer.com
- include:mailprimer.net.nz (loop?)
- include:_spf.learningsourceapp.com
    - include:sendgrid.net
        - include:sendgrid.biz
- include:spf.messaging.microsoft.com
    - include:spfa.frontbridge.com
    - include:spfb.frontbridge.com
    - include:spfc.frontbridge.com

From: nznog-bounces@list.waikato.ac.nz [mailto:nznog-bounces@list.waikato.ac.nz] On Behalf Of Scott Howard
Sent: Monday, September 10, 2012 12:52 PM
To: Don Gould
Cc: nznog
Subject: Re: [nznog] Vic Uni Mail Admin about? SPF rec issue...

 

On Sun, Sep 9, 2012 at 5:44 PM, Don Gould <don@bowenvale.co.nz> wrote:

2.  Should I be doing something to change my config or do others feel that the vuw spf record is too wide?


From http://tools.ietf.org/html/rfc4408#section-10.1 :

   SPF implementations MUST limit the number of mechanisms and modifiers
   that do DNS lookups to at most 10 per SPF check, including any
   lookups caused by the use of the "include" mechanism or the
   "redirect" modifier.  If this number is exceeded during a check, a
   PermError MUST be returned.  The "include", "a", "mx", "ptr", and
   "exists" mechanisms as well as the "redirect" modifier do count
   against this limit.  The "all", "ip4", and "ip6" mechanisms do not
   require DNS lookups and therefore do not count against this limit.
   The "exp" modifier does not count against this limit because the DNS
   lookup to fetch the explanation string occurs after the SPF record
   has been evaluated.


  Scott



-- 
Don Gould
31 Acheson Ave
Mairehau
Christchurch, New Zealand
Ph: + 64 3 348 7235
Mobile: + 64 21 114 0699



_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog
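
Added example (not part of the original thread and not any poster's code): a Python walk-through of the RFC 4408 section 10.1 counting rule Scott quotes, applied to the include tree Tim outlines. Only the vuw.ac.nz record comes from the thread; the other records are constructed to hold just the terms in Tim's outline, so live DNS data and exact totals may differ, and the function names are hypothetical.

```python
import re

LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # RFC 4408 10.1

class PermError(Exception):
    """Raised when one SPF check needs more than `limit` DNS-querying terms."""

def lookup_terms(record):
    """Return (name, target) for each term in an SPF record that costs a lookup."""
    terms = (re.match(r"[+\-~?]?([a-z0-9]+)(?:[:=]([^/\s]+))?", t, re.I)
             for t in record.split()[1:])            # [1:] skips "v=spf1"
    return [(m.group(1).lower(), m.group(2)) for m in terms
            if m and m.group(1).lower() in LOOKUP_TERMS]

def worst_case_lookups(domain, zone, limit=10, _count=None):
    """Count lookups assuming no mechanism matches early; PermError past limit."""
    count = _count if _count is not None else [0]
    for name, target in lookup_terms(zone.get(domain, "v=spf1")):
        count[0] += 1
        if count[0] > limit:
            raise PermError(f"lookup {count[0]} ({name}) while evaluating {domain}")
        if name in ("include", "redirect"):
            worst_case_lookups(target, zone, limit, count)
    return count[0]

# vuw.ac.nz is the record quoted in the thread. Every other record is CONSTRUCTED
# from Tim's outline (listed terms only); domains without an entry count as empty.
ZONE = {
    "vuw.ac.nz": "v=spf1 ip4:130.195.81.0/24 ip4:130.195.86.0/24 ip4:202.36.141.0/24 "
                 "ip4:216.235.196.0/22 ip4:216.235.200.0/21 include:mcs.vuw.ac.nz "
                 "include:mailprimer.com include:_spf.learningsourceapp.com "
                 "include:spf.messaging.microsoft.com ~all",
    "mcs.vuw.ac.nz": "v=spf1 mx ~all",
    "mailprimer.com": "v=spf1 include:mailprimer.net.nz ~all",
    "mailprimer.net.nz": "v=spf1 include:mailprimer.co.nz include:mailprimer.com ~all",
    "_spf.learningsourceapp.com": "v=spf1 include:sendgrid.net ~all",
    "sendgrid.net": "v=spf1 include:sendgrid.biz ~all",
    "spf.messaging.microsoft.com": "v=spf1 include:spfa.frontbridge.com "
                                   "include:spfb.frontbridge.com include:spfc.frontbridge.com ~all",
}
NO_LOOP = {**ZONE, "mailprimer.net.nz": "v=spf1 include:mailprimer.co.nz ~all"}  # loop-back dropped

if __name__ == "__main__":
    print("loop removed:", worst_case_lookups("vuw.ac.nz", NO_LOOP, limit=100))
    try:
        worst_case_lookups("vuw.ac.nz", ZONE)
    except PermError as exc:
        print("PermError:", exc)
```

Because the count is cumulative across nested includes, a receiver enforcing the limit of 10 returns PermError on this constructed tree with or without the mailprimer loop.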