spfhelp at caseyconnor
Oct 20, 2010, 10:59 AM
Post #3 of 7
(3100 views)
Permalink
|
Hi again - sorry to re-post, but curious if anyone has any input on this?
Main questions are:
- how verifiers are supposed to handle redirects (whether
a resulting "mx" means the mx of the domain redirected to or the
original domain)
and
- how a verifier should respond in cases where A
records for an mx token are missing
Maybe this is spelled out clearly in the RFC and I missed it... sorry if
that's the case.
Thanks!
-c
> On 10/12/2010 08:28 PM, Craig Whitmore wrote:
> > Why don't you give real world details as it makes it much easier to
> > help?
> >
> > Thanks
> >
>
> Hi, thanks for the reply.
>
> Sorry for being vague, happy to supply the details; generally speaking
> i'm just curious how verifiers are supposed to handle redirects (whether
> a resulting "mx" means the mx of the domain redirected to or the
> original domain), and how a verifier should respond in cases where A
> records for an mx token are missing. Thus i didn't think the specifics
> were all that relevant.
>
> But: If you substitute "linkedin" for "example" in my original post,
> that's the situation:
>
> -----------------------
>
> Our servers are checking mail from bounce.linkedin.com.
>
> It "redirect"s to linkedin.com's SPF record, which includes an "mx" token.
>
> I assume that since the redirect is a "macro", "mx" in this case refers
> to the mx of bounce.linkedin.com, not linked.com, right?
>
> bounce.linkedin.com has two mx hostnames listed. One of them
> (mail.linkedin.com) has no A records.
>
> RFC 4408, section B1, example, 3, says "no sending hosts pass since
> example.org has no A records". So i take it that the behavior should be
> that a verifier "permerror" these messages? What do most verifiers do,
> if anyone knows (I know that's a separate question)?
>
> The tool at kitterman.com shows:
>
> "Results - ambiguous SPF Ambiguity Warning: No A records found for:
> mail.linkedin.com", but doesn't say what the python library's final SPF
> result would be (we're not using that library, but just curious...).
> Another online checker said "that sender is probably not allowed" or
> something similar.
>
> ------------------------
>
> Thanks!
> -c
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101020140123:0BD3D1F4-DC74-11DF-B54E-7FE14A3287EA
Powered by Listbox: http://www.listbox.com
|
