Jim Hermann - UUN Hostmaster wrote:
What happens if the DNS records are not available?
We don't know if there is a TXT record or not.

Jim

Benny Pedersen wrote:

If the SPF module can't obtain the DNS TXT record due to timeouts, does this get reported as a SOFTFAIL?


Received-SPF:   pass (amiga.junc.org: domain of [EMAIL PROTECTED] designates 209.237.227.199 as permitted sender)
Received-SPF:   unknown (asf.osuosl.org: error in processing during lookup of [EMAIL PROTECTED])

This was what I got from this mail.

So I believe SOFTFAIL does mean that SPF is working?

Yes, softfail is when they don't want a hard fail :-D

Pretty much, here is the breakdown:
?all = neutral
~all = softfail
-all = hardfail

~all (softfail) is for sites that are 'testing' (the majority of the records are this) and is (from my understanding) supposed to allow the mail to still be delivered.
-all (hardfail) is more aggressive, but may cause lost mail.
...

http://www.openspf.org/whitepaper.pdf

AFAIK, you would get nothing. Just like if any other DNS test would fail.

What SpamAssassin reports as *FAIL is not an indicator that DNS isn't working. You would need to consult your logs and do some testing. However, since this is a DNS lookup, this does add time to the scanning (I've seen where this can add a lot of time). I prefer to use SPF for my whitelisting needs in SA. I block anything that hardfails at the server level -- allowing SA to add points for a softfail. Keep in mind, it seems most servers that implement SPF use softfail (~all).

HTH
--
Thanks,
JamesDR
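
As an added example that is not part of the original thread: a simplified Python sketch of how an SPF check maps the `all` qualifiers listed above to results, and how a failed DNS lookup gets its own result (`temperror` in RFC 7208 terms) instead of a softfail. It evaluates only `ip4`, `ip6` and `all`; the names `DNSTimeout`, `check_spf`, `fake_lookup` and the `.example` records are constructed for illustration.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208 names; "+" is the default qualifier).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

class DNSTimeout(Exception):
    """Stands in for a resolver timeout or SERVFAIL (hypothetical name)."""

def check_spf(sender_ip, domain, lookup_txt):
    """Evaluate ip4/ip6/all only; lookup_txt(domain) returns a list of TXT strings."""
    try:
        records = lookup_txt(domain)
    except DNSTimeout:
        return "temperror"      # lookup failed: no verdict, not a softfail
    spf = [r for r in records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "none"           # the domain publishes no SPF record
    if len(spf) > 1:
        return "permerror"      # more than one SPF record is a publishing error
    ip = ipaddress.ip_address(sender_ip)
    for term in spf[0].split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech.lower() == "all":
            return QUALIFIERS[qualifier]
        if mech.lower().startswith(("ip4:", "ip6:")):
            try:
                net = ipaddress.ip_network(mech[4:], strict=False)
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # Other mechanisms (a, mx, include, ...) are out of scope for this sketch.
    return "neutral"            # nothing matched and there was no "all" term

# Constructed sample data: documentation-range addresses and example domains.
ZONE = {
    "testing.example": ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "strict.example": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "open.example": ["v=spf1 ip4:192.0.2.0/24 ?all"],
    "nospf.example": ["some other TXT record"],
}

def fake_lookup(domain):
    if domain == "timeout.example":
        raise DNSTimeout(domain)
    return ZONE.get(domain, [])

if __name__ == "__main__":
    for d in list(ZONE) + ["timeout.example"]:
        print(d, check_spf("198.51.100.7", d, fake_lookup))
```

A receiver following the policy described in the reply would reject on `fail`, score on `softfail`, and treat `temperror` and `none` as no SPF verdict at all.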
