[opendmarc-users] SPF fail on domains with broken SPF record?

Scott Kitterman sklist at kitterman.com
Tue May 17 05:06:49 PDT 2016


On Tuesday, May 17, 2016 01:42:46 PM A. Schulze wrote:
> Hello,
> 
> the SPF record of sinfopac.com is broken. (owner is informed ...)
> 
> My first spf checker mark messages from them with "spf=none",
> the opendmarc implementation say "spf=fail"
> 
> I guess both implementations are wrong: permerror would be right:
> https://tools.ietf.org/html/rfc7208#section-2.6.7
> 
> If someone could prove that I would open a Bugticket...

That's correct.

FWIW, http://kitterman.com/spf/validate.html gets it right and detects the 
permerror.

"v=spf1 ip4:216.104.38.220 ip4:173.236.105.12 +a +mx + ~all"

It raises an error on the bare "+" right before the "~all" being an unknown 
mechanism.  It's probably slightly more precise to describe it as a known 
qualifier, the "+", and a null mechanism (which is definitely unknown).  Unknown 
mechanisms get a permerror.

What's your first SPF checker?

Scott K


More information about the opendmarc-users mailing list