[opendmarc-users] SPF fail on domains with broken SPF record?
Scott Kitterman
sklist at kitterman.com
Tue May 17 05:06:49 PDT 2016
On Tuesday, May 17, 2016 01:42:46 PM A. Schulze wrote:
> Hello,
>
> the SPF record of sinfopac.com is broken. (owner is informed ...)
>
> My first spf checker mark messages from them with "spf=none",
> the opendmarc implementation say "spf=fail"
>
> I guess both implementations are wrong: permerror would be right:
> https://tools.ietf.org/html/rfc7208#section-2.6.7
>
> If someone could prove that I would open a Bugticket...
That's correct.
FWIW, http://kitterman.com/spf/validate.html gets it right and detects the
permerror.
"v=spf1 ip4:216.104.38.220 ip4:173.236.105.12 +a +mx + ~all"
It raises an error on the bare "+" right before the "~all" being an unknown
mechanism. It's probably slightly more precise to describe it as a known
qualifier, the "+", and a null mechanism (which is definitely unknown). Unknown
mechanisms get a permerror.
What's your first SPF checker?
Scott K
More information about the opendmarc-users
mailing list