Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SPF: Help

Is mx:<ip4_address> valid in an SPF record ?

  

 
SPF help RSS feed   Index | Next | Previous | View Threaded


daniel.fauxpoint at gmail

May 11, 2009, 8:26 AM

Post #1 of 2 (408 views)
Permalink
Is mx:<ip4_address> valid in an SPF record ?
Hello,

This might be a very trivial question, but being new to SPF I wanted
to double check that I understood the SPF record syntax spec correctly
...

I was looking up the DNS records for a domain owned by a small
business which I am helping on my spare time with IT issues. Their
domain shows one SPF record looking like this:

<FQDN> 838 IN TXT "v=spf1 a mx mx:<ip4_address> ~all"

Where <FQDN> is the fully qualified domain name (with a trailing dot)
and <ip4_address> is an IP4 ip address of the form 1.2.3.4

I am surprised to see this record because I thought the mx: mechanism
must be used with domain names only, not IP addresses. Using one of
the free syntax checking tools listed on on openspf.org, I get the
following message back:

Results - PermError SPF Permanent Error: Invalid domain found (use
FQDN): <ip4_address>

which seems to confirm what I thought.

The reason I still wanted to ask is that I also tried the record setup
wizard on openspf.org, and it seems to happily generate the same
record that exists today, which confuses me .....

The domain in question has only one mail server used for both inbound
and outbound mail, and has a 'mx' record and the corresponding 'a'
record. So my though is that the SPF record should be changed to

<FQDN> 838 IN TXT "v=spf1 mx ~all"

Finally, this domain has been setup over 2 years ago, and I am
wondering why the SPF record is still using the 'softfail' qualifier:
I would think it should be pretty safe at this stage to have 'fail'
instead for a final SPF record that would read:

<FQDN> 838 IN TXT "v=spf1 mx -all"

Thank you in advance for your answers and advice.
Dan.


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


rob.macgregor at gmail

May 11, 2009, 8:49 AM

Post #2 of 2 (374 views)
Permalink
Re: Is mx:<ip4_address> valid in an SPF record ? [In reply to]
On Mon, May 11, 2009 at 16:26, Daniel Fauxpoint
<daniel.fauxpoint[at]gmail.com> wrote:
> Hello,
>
> This might be a very trivial question, but being new to SPF I wanted
> to double check that I understood the SPF record syntax spec correctly
> ...
>
> I was looking up the DNS records for a domain owned by a small
> business which I am helping on my spare time with IT issues. Their
> domain shows one SPF record looking like this:
>
>    <FQDN>      838     IN      TXT     "v=spf1 a mx mx:<ip4_address> ~all"

You are correct, it is invalid. Very few people ever seem to bother
reading the record syntax and I've seen many "creative" abuses of the
tags.

<---SNIP--->
> The reason I still wanted to ask is that I also tried the record setup
> wizard on openspf.org, and it seems to happily generate the same
> record that exists today, which confuses me .....

Like all automated tools - GIGO (Garbage In, Garbage Out)

> The domain in question has only one mail server used for both inbound
> and outbound mail, and has a 'mx' record and the corresponding 'a'
> record. So my though is that the SPF record should be changed to
>
>    <FQDN>      838     IN      TXT     "v=spf1 mx ~all"

Or specify it by IP and save 2 DNS lookups ;)

> Finally, this domain has been setup over 2 years ago, and I am
> wondering why the SPF record is still using the 'softfail' qualifier:
> I would think it should be pretty safe at this stage to have 'fail'
> instead for a final SPF record that would read:
>
>    <FQDN>      838     IN      TXT     "v=spf1 mx -all"

If it works (and right now it shouldn't be) then yes, change ~all to -all.

That said, the all tag is often ignored and I've seen mail rejected
because of SPF failures even when people have used "?all" or "+all".

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

SPF help RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.