Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SPF: Help

SPF TXT record peculiarities

  

 
SPF help RSS feed   Index | Next | Previous | View Threaded


spfhelp at caseyconnor

May 28, 2009, 5:19 PM

Post #1 of 4 (483 views)
Permalink
SPF TXT record peculiarities
Hi -

we're seeing SPF fails for various domains and wondering if it's our
verification software (apache jSPF) or the TXT record.

$ host -t txt about.com
;; Truncated, retrying in TCP mode.
about.com descriptive text "v=spf1 ip4:207.241.148.60 ip4:207.241.148.40
ip4:207.241.148.227 ip4:207.241.145.5 ip4:207.241.145.6
ip4:207.241.149.197 ip4:207.241.148.39 ip4:207.241.148.226
ip4:207.241.148.227 ip4:207.241.148.64 ip4:207.241.148.228" "
a:mclist.about.com a:ablist.about.com a:smtp.about.com a:mxc1s.about.com
a:smtpapps.about.com a:listserv1.about.com a:listserv2.about.com
a:mail.about.com a:om1.about.com -all"

...the extra ...228" " a:mclist... section looks like a mistake (perhaps
in a SPF record-generator? There are a few domains that have a similar
thing going on). I'm not familiar enough with the TXT record syntax or
the host command to actually call their TXT record "broken".

Is that malformed, or is jSPF just not parsing robustly enough? Thanks
for any insight!

-c


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


scott at kitterman

May 28, 2009, 7:32 PM

Post #2 of 4 (452 views)
Permalink
Re: SPF TXT record peculiarities [In reply to]
> Hi -
>
> we're seeing SPF fails for various domains and wondering if it's our
> verification software (apache jSPF) or the TXT record.
>
> $ host -t txt about.com
> ;; Truncated, retrying in TCP mode.
> about.com descriptive text "v=spf1 ip4:207.241.148.60 ip4:207.241.148.40
> ip4:207.241.148.227 ip4:207.241.145.5 ip4:207.241.145.6
> ip4:207.241.149.197 ip4:207.241.148.39 ip4:207.241.148.226
> ip4:207.241.148.227 ip4:207.241.148.64 ip4:207.241.148.228" "
> a:mclist.about.com a:ablist.about.com a:smtp.about.com a:mxc1s.about.com
> a:smtpapps.about.com a:listserv1.about.com a:listserv2.about.com
> a:mail.about.com a:om1.about.com -all"
>
> ...the extra ...228" " a:mclist... section looks like a mistake (perhaps
> in a SPF record-generator? There are a few domains that have a similar
> thing going on). I'm not familiar enough with the TXT record syntax or
> the host command to actually call their TXT record "broken".

This is correct. Multi-string TXT records are not unusual and RFC 4408
calls for strings to just be concatenated with no spacing added, so that
leading space is correct and essential.

> Is that malformed, or is jSPF just not parsing robustly enough? Thanks
> for any insight!

A possible problem is that the record is large enough to require TCP
fallback and it is totally not rare for DNS over TCP to be firewalled. It
may be that your data is being blocked somewhere. What are the exact mail
log entries from a failure?

Scott K


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


spfhelp at caseyconnor

May 28, 2009, 8:05 PM

Post #3 of 4 (454 views)
Permalink
Re: SPF TXT record peculiarities [In reply to]
Thanks for the reply and the ideas!

I think it's jSPF. The error it gives is:

Term [ip4:207.241.148.228"] is not syntactically valid: ...

Sounds like parsing to me.. Or if it does have something to do with
firewalling then certainly not a graceful handling o the situation. I'll
check with them and see what they have to say...

-c

Scott Kitterman wrote:
>> Hi -
>>
>> we're seeing SPF fails for various domains and wondering if it's our
>> verification software (apache jSPF) or the TXT record.
>>
>> $ host -t txt about.com
>> ;; Truncated, retrying in TCP mode.
>> about.com descriptive text "v=spf1 ip4:207.241.148.60 ip4:207.241.148.40
>> ip4:207.241.148.227 ip4:207.241.145.5 ip4:207.241.145.6
>> ip4:207.241.149.197 ip4:207.241.148.39 ip4:207.241.148.226
>> ip4:207.241.148.227 ip4:207.241.148.64 ip4:207.241.148.228" "
>> a:mclist.about.com a:ablist.about.com a:smtp.about.com a:mxc1s.about.com
>> a:smtpapps.about.com a:listserv1.about.com a:listserv2.about.com
>> a:mail.about.com a:om1.about.com -all"
>>
>> ...the extra ...228" " a:mclist... section looks like a mistake (perhaps
>> in a SPF record-generator? There are a few domains that have a similar
>> thing going on). I'm not familiar enough with the TXT record syntax or
>> the host command to actually call their TXT record "broken".
>>
>
> This is correct. Multi-string TXT records are not unusual and RFC 4408
> calls for strings to just be concatenated with no spacing added, so that
> leading space is correct and essential.
>
>
>> Is that malformed, or is jSPF just not parsing robustly enough? Thanks
>> for any insight!
>>
>
> A possible problem is that the record is large enough to require TCP
> fallback and it is totally not rare for DNS over TCP to be firewalled. It
> may be that your data is being blocked somewhere. What are the exact mail
> log entries from a failure?
>
> Scott K
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org
> Modify Your Subscription: http://www.listbox.com/member/
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com
>


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


spfhelp at caseyconnor

May 31, 2009, 9:38 PM

Post #4 of 4 (449 views)
Permalink
Re: SPF TXT record peculiarities [In reply to]
Confirmed as a jSPF bug. They're on top of it, and getting a new release
out for it, perhaps soon.

https://issues.apache.org/jira/browse/JSPF-72

Thanks,
-c

Scott Kitterman wrote:
>> Hi -
>>
>> we're seeing SPF fails for various domains and wondering if it's our
>> verification software (apache jSPF) or the TXT record.
>>
>> $ host -t txt about.com
>> ;; Truncated, retrying in TCP mode.
>> about.com descriptive text "v=spf1 ip4:207.241.148.60 ip4:207.241.148.40
>> ip4:207.241.148.227 ip4:207.241.145.5 ip4:207.241.145.6
>> ip4:207.241.149.197 ip4:207.241.148.39 ip4:207.241.148.226
>> ip4:207.241.148.227 ip4:207.241.148.64 ip4:207.241.148.228" "
>> a:mclist.about.com a:ablist.about.com a:smtp.about.com a:mxc1s.about.com
>> a:smtpapps.about.com a:listserv1.about.com a:listserv2.about.com
>> a:mail.about.com a:om1.about.com -all"
>>
>> ...the extra ...228" " a:mclist... section looks like a mistake (perhaps
>> in a SPF record-generator? There are a few domains that have a similar
>> thing going on). I'm not familiar enough with the TXT record syntax or
>> the host command to actually call their TXT record "broken".
>>
>
> This is correct. Multi-string TXT records are not unusual and RFC 4408
> calls for strings to just be concatenated with no spacing added, so that
> leading space is correct and essential.
>
>
>> Is that malformed, or is jSPF just not parsing robustly enough? Thanks
>> for any insight!
>>
>
> A possible problem is that the record is large enough to require TCP
> fallback and it is totally not rare for DNS over TCP to be firewalled. It
> may be that your data is being blocked somewhere. What are the exact mail
> log entries from a failure?
>
> Scott K
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org
> Modify Your Subscription: http://www.listbox.com/member/
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com
>


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

SPF help RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.