On Wed, May 6, 2015 10:11, Scott Kitterman wrote:
> On Wednesday, May 06, 2015 09:58:57 AM James B. Byrne wrote:
>>
>> Amazon has screwed up their spf records. A DNS host can have only
>> ONE spf TXT RR and that must not contain or recursively resolve to
>> more than TEN tags.
>
> No. That's not it. One of those is a v=spf1 SPF record and the other
> is a spf2.0 Sender ID record.
>
> Much more likely the issue is the use of EDNS0. In the part of the
> dig output you didn't include, you probably got:
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
>
> and
>
> ;; MSG SIZE rcvd: 611

Actually, no. I got this:

;; ANSWER SECTION:
spf1.amazon.com. 900 IN TXT "spf2.0/pra ip4:207.171.160.0/19 ip4:87.238.80.0/21 ip4:72.21.192.0/19 ip4:194.154.193.192/27 ip4:194.7.41.152/28 ip4:212.123.28.40/32 ip4:203.81.17.0/24 ip4:72.21.212.0/25 ip4:178.236.10.128/26 -all"
spf1.amazon.com. 900 IN TXT "v=spf1 ip4:207.171.160.0/19 ip4:87.238.80.0/21 ip4:72.21.192.0/19 ip4:194.154.193.192/27 ip4:194.7.41.152/28 ip4:212.123.28.40/32 ip4:203.81.17.0/24 ip4:72.21.212.0/25 ip4:178.236.10.128/26 -all"

;; AUTHORITY SECTION:
amazon.com. 2751 IN NS ns3.p31.dynect.net.
amazon.com. 2751 IN NS ns1.p31.dynect.net.
amazon.com. 2751 IN NS ns4.p31.dynect.net.
amazon.com. 2751 IN NS ns2.p31.dynect.net.
amazon.com. 2751 IN NS pdns6.ultradns.co.uk.
amazon.com. 2751 IN NS pdns1.ultradns.net.

;; Query time: 1 msec
;; SERVER: 216.185.71.33#53(216.185.71.33)
;; WHEN: Wed May 6 09:54:00 2015
;; MSG SIZE rcvd: 600

And thanks for the correction. I had never run into MS's Sender ID in
the wild before and had no recollection of its existence until you
reminded me. One more thing to look for.

-- 
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
James B. Byrne mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
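
Added example, not part of either message: a Python sketch of the checks discussed in this thread, run over the two TXT strings and the MSG SIZE value from the dig output above. It applies RFC 7208 record selection (only `v=spf1` records count toward the one-record rule) and the DNS-lookup term count; the function names are illustrative assumptions.

```python
import re

# TXT strings and MSG SIZE copied from the dig output in the message above.
NETS = ("ip4:207.171.160.0/19 ip4:87.238.80.0/21 ip4:72.21.192.0/19 "
        "ip4:194.154.193.192/27 ip4:194.7.41.152/28 ip4:212.123.28.40/32 "
        "ip4:203.81.17.0/24 ip4:72.21.212.0/25 ip4:178.236.10.128/26 -all")
TXT_RRSET = ["spf2.0/pra " + NETS, "v=spf1 " + NETS]
MSG_SIZE_RCVD = 600
CLASSIC_UDP_LIMIT = 512   # RFC 1035: largest UDP reply without EDNS0
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
SENDER_ID = re.compile(r"^spf2\.0/[a-z]+(,[a-z]+)*( |$)", re.IGNORECASE)


def classify(txt):
    """Return 'spf', 'sender-id' or 'other' for one TXT string."""
    low = txt.lower()
    # RFC 7208 4.5: version is exactly "v=spf1", then a space or end of record.
    if low == "v=spf1" or low.startswith("v=spf1 "):
        return "spf"
    if SENDER_ID.match(txt):
        return "sender-id"
    return "other"


def select_spf(rrset):
    """RFC 7208 record selection over all TXT strings at one name."""
    spf = [t for t in rrset if classify(t) == "spf"]
    if not spf:
        return ("none", None)
    if len(spf) > 1:
        return ("permerror", None)   # more than one v=spf1 record
    return ("ok", spf[0])


def dns_lookup_terms(record):
    """Count terms that cost a DNS query (limit of 10, RFC 7208 4.6.4)."""
    count = 0
    for term in record.split()[1:]:
        name = re.split(r"[:/=]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        count += name in LOOKUP_TERMS
    return count


def exceeds_classic_udp(size):
    """True when the reply only fits over UDP with EDNS0, or needs TCP."""
    return size > CLASSIC_UDP_LIMIT


if __name__ == "__main__":
    print([classify(t) for t in TXT_RRSET], select_spf(TXT_RRSET)[0],
          dns_lookup_terms(TXT_RRSET[1]), exceeds_classic_udp(MSG_SIZE_RCVD))
```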