McDonald, Dan wrote: > I'm having trouble with a correspondent who is using SPF, is sending > from a host allowed in policy, but the SPF rule is not matching. > > Their spf record (obfuscated) is: > example.com. 3600 IN TXT "v=spf1 mx ptr ip4:a.a.a.0/24 > ip4:b.b.b.0/24 a:mailrelay a:exchange mx:male.example.com mx:femail -all" > > I realize that it is malformed - shouldn't have non FQDN's in the a: or > mx: types, and male.example.com doesn't have an mx record (it is the mx > for 'example.com'). But that being said, those ones that are valid > ought to be recognized. > Actually, as best I can tell, several popular SPF libraries will just barf on invalid records.
ie: http://www.kitterman.com/spf/validate.html Will barf, and refuse to generate a PASS. (I tried the tester with "v=spf1 mx ptr ip4:1.1.1.0/24 ip4:2.2.2.0/24 a:mailrelay a:exchange mx:male.example.com mx:femail -all" and mail being from:[EMAIL PROTECTED] ip: 1.1.1.11. I guess the assumption is an invalid SPF record isn't trustworthy at all, and quite likely created by a spammer, so it should only generate an error. Looking at Mail::SPF, it appears to generate an exception "Mail::SPF::EJunkInRecord" for bad records.
