[dns-operations] SPF

Doug Barton dougb at dougbarton.us
Mon Apr 11 19:01:48 UTC 2016


April 10 2016 12:36 PM, "Fred Morris" <m3047 at m3047.net> wrote:
> I acknowledge that this is getting a little far from the remit, but I'm 
> looking at some "DNS failures" related to mail delivery and I'm rather taken 
> aback by some of the SPFs I'm seeing.
> 
> For instance this one, for a domain which a large corporation uses to send 
> order confirmation emails:
> 
> "v=spf1 ptr ip4:65.197.19.23, ip4:12.43.140.23, ip4:12.43.146.43/32, 
> ip4:12.43.146.44/32, ip4:12.43.146.45/32, ip4:12.43.146.46/32 
> include:amazonses.com +all"
> 
> (Besides the fact that it's broken because of the commas...) Doesn't "+all" at 
> the end mean that anyone can send e-mail purporting to be from these people?

When +all is present the information in the record is treated as advisory by the more sophisticated mail filters, usually as points plus or minus in a spam scoring system. And I'm not sure the commas are a fatal error, but I'd have to check the spec.

> In this case IMO failure may be the best option...

Probably not, especially if the mail is coming from one of the listed locations. Probably better to discuss this on the mailop list though, they are quite knowledgeable and usually friendly. :) mailop.org for more info. 

Doug




More information about the dns-operations mailing list