On Fri, March 17, 2017 11:41, Viktor Dukhovni wrote:
>
>> On Mar 17, 2017, at 11:31 AM, James B. Byrne <byrn...@harte-lyne.ca>
>> wrote:
>>
>> mohawkglobalta.com. 1476 IN TXT "v=spf1
>> include:spf.protection.outlook.com ip4:208.33.203.70/31 -all"
>
> Don't forget the lookups needed to process the "include:" clause, and
> the fact that DNS observations vary with time.
>
> $ dig +short -t txt spf.protection.outlook.com
> "v=spf1 ip4:207.46.101.128/26 ip4:207.46.100.0/24 ip4:207.46.163.0/24
> ip4:65.55.169.0/24 ip4:157.56.110.0/23 ip4:157.55.234.0/24
> ip4:213.199.154.0/24 ip4:213.199.180.0/24
> include:spfa.protection.outlook.com -all"
>
> $ dig +short -t txt spfa.protection.outlook.com
> "v=spf1 ip4:157.56.112.0/24 ip4:207.46.51.64/26 ip4:157.55.158.0/23
> ip4:64.4.22.64/26 ip4:40.92.0.0/14 ip4:40.107.0.0/17
> ip4:40.107.128.0/18 ip4:134.170.140.0/24
> include:spfb.protection.outlook.com -all"
>
> $ dig +short -t txt spfb.protection.outlook.com
> "v=spf1 ip6:2a01:111:f400::/48 ip4:23.103.128.0/19 ip4:23.103.198.0/23
> ip4:65.55.88.0/24 ip4:104.47.0.0/17 ip4:23.103.200.0/21
> ip4:23.103.208.0/21 ip4:23.103.191.0/24 ip4:216.32.180.0/23
> ip4:94.245.120.64/26 -all"
>
> [ These have a 10 minute TTL ]
>

However, dig lookups performed on these exact domains return virtually
instantaneously on our MX server running spf. I can set the spf
timeout higher than 20 seconds but I suspect that something else is at
work here.

This Temperror is also affecting these sites and many more:

Mar 17 11:39:47 inet08 policyd-spf[13505]: Temperror; identity=helo; client-ip=69.89.30.42; helo=gproxy3-pub.mail.unifiedlayer.com; envelope-from=p...@thecargosolutionscanada.com; receiver=b...@harte-lyne.ca
. . .
Mar 17 11:42:52 inet08 policyd-spf[13032]: Temperror; identity=helo; client-ip=168.100.1.4; helo=russian-caravan.cloud9.net; envelope-from=owner-postfix-us...@postfix.org; receiver=b...@harte-lyne.ca
. . .
Mar 17 11:51:36 inet08 policyd-spf[13709]: Temperror; identity=helo; client-ip=66.135.215.173; helo=mxslcpool71.ebay.com; envelope-from=e...@ebay.com; receiver=b...@harte-lyne.ca

They cannot all be suddenly affected by a DNS outage?

(P.S. thecargosolutionscanada.com would fail anyway due to too many
DNS lookups, but it does not get that far in the process.)

--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne          mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited    http://www.harte-lyne.ca
9 Brockley Drive        vox: +1 905 561 1241
Hamilton, Ontario       fax: +1 905 561 0757
Canada L8E 3C3
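
Added example, not part of the original messages: an offline walk of the include chain quoted above, counting the DNS-querying terms an SPF check of mohawkglobalta.com has to resolve and comparing the total with the limit of 10 set by RFC 7208. The TXT records are copied from the thread as a static table (no live DNS); the function names are hypothetical, and only ip4, ip6, include and redirect are evaluated, with qualifiers and macros ignored.

```python
import ipaddress
import re

# TXT records as quoted in the thread (March 2017 snapshot, 10 minute TTL).
RECORDS = {
    "mohawkglobalta.com":
        "v=spf1 include:spf.protection.outlook.com ip4:208.33.203.70/31 -all",
    "spf.protection.outlook.com":
        "v=spf1 ip4:207.46.101.128/26 ip4:207.46.100.0/24 ip4:207.46.163.0/24 ip4:65.55.169.0/24 "
        "ip4:157.56.110.0/23 ip4:157.55.234.0/24 ip4:213.199.154.0/24 ip4:213.199.180.0/24 "
        "include:spfa.protection.outlook.com -all",
    "spfa.protection.outlook.com":
        "v=spf1 ip4:157.56.112.0/24 ip4:207.46.51.64/26 ip4:157.55.158.0/23 ip4:64.4.22.64/26 "
        "ip4:40.92.0.0/14 ip4:40.107.0.0/17 ip4:40.107.128.0/18 ip4:134.170.140.0/24 "
        "include:spfb.protection.outlook.com -all",
    "spfb.protection.outlook.com":
        "v=spf1 ip6:2a01:111:f400::/48 ip4:23.103.128.0/19 ip4:23.103.198.0/23 ip4:65.55.88.0/24 "
        "ip4:104.47.0.0/17 ip4:23.103.200.0/21 ip4:23.103.208.0/21 ip4:23.103.191.0/24 "
        "ip4:216.32.180.0/23 ip4:94.245.120.64/26 -all",
}
QUERYING = {"include", "a", "mx", "ptr", "exists", "redirect"}  # terms that cost a DNS query
LIMIT = 10  # RFC 7208: at most 10 DNS-querying terms per SPF check

def walk(domain, records=RECORDS, seen=()):
    """Return (lookups, networks) for `domain`, following include/redirect."""
    if domain in seen or domain not in records:
        raise LookupError(f"include loop or missing TXT record at {domain}")
    lookups, networks = 0, []
    for term in records[domain].split()[1:]:  # skip the "v=spf1" version tag
        name, arg = re.match(r"[+?~-]?([a-z0-9]+)[:=/]?(.*)", term.lower()).groups()
        if name in QUERYING:
            lookups += 1
        if name in ("ip4", "ip6"):
            networks.append(ipaddress.ip_network(arg, strict=False))
        elif name in ("include", "redirect"):
            sub = walk(arg, records, seen + (domain,))
            lookups, networks = lookups + sub[0], networks + sub[1]
    return lookups, networks

def authorized(ip, domain, records=RECORDS):
    """True if `ip` is inside any ip4/ip6 network reachable from `domain`."""
    lookups, networks = walk(domain, records)
    if lookups > LIMIT:
        raise ValueError(f"{lookups} DNS-querying terms, limit is {LIMIT}")
    return any(ipaddress.ip_address(ip) in net for net in networks)

if __name__ == "__main__":
    # 40.107.1.1 is a constructed client address, not one taken from the thread.
    print(walk("mohawkglobalta.com")[0], authorized("40.107.1.1", "mohawkglobalta.com"))
```

Every included record is a separate TXT query, so any one of them timing out is enough for the check as a whole to end in a temporary error.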