Mailing List Archive

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Monte Hansen wrote:
> Calling all SPF RFC implementations =)
>
> Do any of you folks have an online SPF test page for your
> implementations that you would be willing to share?

Being curious, what's an "online SPF test page"?

We're still working on the official test suite, but I think you already
know that.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFE7X/zwL7PKlBZWjsRAl7dAKCTAEMFteHJjRBdz0JPDEZULY9F5gCfbpMN
KyWwLIEQPB7tWbllickaI3A=
=cZRg
-----END PGP SIGNATURE-----

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

Just a simple test page that takes IPAddress/Domain/Sender, that works
against <implementation>

Monte Hansen

"Julian Mehnle" <julian@mehnle.net> wrote in message
news:200608241031.15617.julian@mehnle.net...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Monte Hansen wrote:
>> Calling all SPF RFC implementations =)
>>
>> Do any of you folks have an online SPF test page for your
>> implementations that you would be willing to share?
>
> Being curious, what's an "online SPF test page"?
>
> We're still working on the official test suite, but I think you already
> know that.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3 (GNU/Linux)
>
> iD8DBQFE7X/zwL7PKlBZWjsRAl7dAKCTAEMFteHJjRBdz0JPDEZULY9F5gCfbpMN
> KyWwLIEQPB7tWbllickaI3A=
> =cZRg
> -----END PGP SIGNATURE-----
>
> -------
> To unsubscribe, change your address, or temporarily deactivate your
> subscription,
> please go to
> http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
>



-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

On Thu, 24 Aug 2006 09:19:03 -0700 "Monte Hansen"
<monte.hansen@stashsoft.com> wrote:
>Just a simple test page that takes IPAddress/Domain/Sender, that works
>against <implementation>
>
See http://www.kitterman.com/spf/validate.html for a page that uses pySPF.

Scott K

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

Thank you Scott. Very much appreciated.

Any others out there?

Monte Hansen

"Scott Kitterman" <scott@kitterman.com> wrote in message
news:20060824163321.BC4FD1500F1@mailout02.controlledmail.com...
> On Thu, 24 Aug 2006 09:19:03 -0700 "Monte Hansen"
> <monte.hansen@stashsoft.com> wrote:
>>Just a simple test page that takes IPAddress/Domain/Sender, that works
>>against <implementation>
>>
> See http://www.kitterman.com/spf/validate.html for a page that uses pySPF.
>
> Scott K
>
> -------
> To unsubscribe, change your address, or temporarily deactivate your
> subscription,
> please go to
> http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
>



-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

> Thank you Scott. Very much appreciated.
>
> Any others out there?

http://spam.co.nz/spf/


Thanks
Craig

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

Thank you Craig and Scott.

For our implementation, I've posted this test page as well:
http://stashsoft.com/spf/Test.aspx

Monte Hansen


"Scott Kitterman" <scott@kitterman.com> wrote in message
news:20060824163321.BC4FD1500F1@mailout02.controlledmail.com...
> On Thu, 24 Aug 2006 09:19:03 -0700 "Monte Hansen"
> <monte.hansen@stashsoft.com> wrote:
>>Just a simple test page that takes IPAddress/Domain/Sender, that works
>>against <implementation>
>>
> See http://www.kitterman.com/spf/validate.html for a page that uses pySPF.
>
> Scott K
>
> -------
> To unsubscribe, change your address, or temporarily deactivate your
> subscription,
> please go to
> http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
>



-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

On Friday 25 August 2006 09:48, Monte Hansen wrote:
> Thank you Craig and Scott.
>
> For our implementation, I've posted this test page as well:
> http://stashsoft.com/spf/Test.aspx
>
Thanks,

I think it needs some work...

Test:
Mail sent from: 192.0.34.166
Mail from (Sender): postmaster@microsoft.com

stashoft.com result:
Result = none

kitterman.com result:
Results - Permanent Error SPF Permanent Error: Too many DNS lookups

$ dig "TXT" microsoft.com

; <<>> DiG 9.3.2 <<>> TXT microsoft.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30959
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;microsoft.com. IN TXT

;; ANSWER SECTION:
microsoft.com. 1065 IN TXT "v=spf1 mx
include:_spf-a.microsoft.com include:_spf-b.microsoft.com
include:_spf-c.microsoft.com ~all"

I also tried it with a non-example IP address and got the same result.

Good luck. People did me this same favor last year when I put my validator
up.

Scott K

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

Thanks Scott, that server's got an older build. But I've since repromoted it
with the latest bits and it's looking much better. I've also added the
failure "reason" to the page, which was omitted in error. It's not 100% RFC
compliant, but I think it's getting pretty close.

I really appreciate the error being pointed out. And to anyone willing to
take a jab, I say: Hit Me! ;-)

Monte Hansen


"Scott Kitterman" <scott@kitterman.com> wrote in message
news:200608251256.58099.scott@kitterman.com...
> On Friday 25 August 2006 09:48, Monte Hansen wrote:
>> Thank you Craig and Scott.
>>
>> For our implementation, I've posted this test page as well:
>> http://stashsoft.com/spf/Test.aspx
>>
> Thanks,
>
> I think it needs some work...
>
> Test:
> Mail sent from: 192.0.34.166
> Mail from (Sender): postmaster@microsoft.com
>
> stashoft.com result:
> Result = none
>
> kitterman.com result:
> Results - Permanent Error SPF Permanent Error: Too many DNS lookups
>
> $ dig "TXT" microsoft.com
>
> ; <<>> DiG 9.3.2 <<>> TXT microsoft.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30959
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;microsoft.com. IN TXT
>
> ;; ANSWER SECTION:
> microsoft.com. 1065 IN TXT "v=spf1 mx
> include:_spf-a.microsoft.com include:_spf-b.microsoft.com
> include:_spf-c.microsoft.com ~all"
>
> I also tried it with a non-example IP address and got the same result.
>
> Good luck. People did me this same favor last year when I put my
> validator
> up.
>
> Scott K
>
> -------
> To unsubscribe, change your address, or temporarily deactivate your
> subscription,
> please go to
> http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
>



-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

Thanks Craig,

I've reran against the later bits and have come up with results consistent
with Kitterman's page (below). There's one exception for test5.spam.co.nz
which http://stashsoft/spf/test.aspx results in fail, and
http://www.kitterman.com/spf/validate.htm results in permerror. Our's
behaves as designed according to our interpretation of the RFC. I had
planned on raising this and other questions when the final test suite comes
out.

I appreciate the pointers. Please feel free to point them out to me if you
discover others.

Monte Hansen

Result: permerror
Reason: Unknown mechanism found 'moo'.
v=spf1 ip4:219.88.242.0/27 -all moo
Processing Domain: test1.spam.co.nz SPF record: v=spf1
ip4:219.88.242.0/27 -all moo
-----------------------------------------------------
Result: permerror
Reason: Command depth exceeded (10).
v=spf1 ip4:219.88.242.0/27 include:test2.spam.co.nz -all
Processing Domain: test2.spam.co.nz SPF record: v=spf1 ip4:219.88.242.0/27
include:test2.spam.co.nz -all
-----------------------------------------------------
Result: permerror
Reason: Recurse depth exceeded.
v=spf1 redirect:test3.spam.co.nz -all
Processing Domain: test3.spam.co.nz SPF record: v=spf1
redirect:test3.spam.co.nz -all
-----------------------------------------------------
Result: permerror
Reason: Recurse depth exceeded.
v=spf1 redirect=test4.spam.co.nz -all
Processing Domain: test4.spam.co.nz SPF record: v=spf1
redirect=test4.spam.co.nz -all
-----------------------------------------------------
Result: fail ***********
---------------------------------------------
Kitterman: Results - Permanent Error SPF Permanent Error: Invalid IP4
address: ip4:1.1.1.1/0
---------------------------------------------
v=spf1 ip4:1.1.1.1/0 -all
Processing Domain: test5.spam.co.nz SPF record: v=spf1 ip4:1.1.1.1/0 -all
Testing Command=ip4:1.1.1.1/0 IP=192.0.34.166 Domain=test5.spam.co.nz
HostName=test5.spam.co.nz Result=NEUTRAL
Testing Command=-all IP=192.0.34.166 Domain=test5.spam.co.nz
HostName=test5.spam.co.nz Result=FAIL
-----------------------------------------------------
Result: fail
v=spf1 ip4:1.1.1.0/31 -all
Processing Domain: test6.spam.co.nz SPF record: v=spf1 ip4:1.1.1.0/31 -all
Testing Command=ip4:1.1.1.0/31 IP=192.0.34.166 Domain=test6.spam.co.nz
HostName=test6.spam.co.nz Result=NEUTRAL
Testing Command=-all IP=192.0.34.166 Domain=test6.spam.co.nz
HostName=test6.spam.co.nz Result=FAIL
-----------------------------------------------------
Result: permerror
Reason: Invalid CIDR length.
v=spf1 ip4:1.1.1.0/34 -all
Processing Domain: test7.spam.co.nz SPF record: v=spf1 ip4:1.1.1.0/34 -all
-----------------------------------------------------
Result: fail
v=spf1 ip4:1.1.1.255/16 -all
Processing Domain: test8.spam.co.nz SPF record: v=spf1 ip4:1.1.1.255/16 -all
Testing Command=ip4:1.1.1.255/16 IP=192.0.34.166 Domain=test8.spam.co.nz
HostName=test8.spam.co.nz Result=NEUTRAL
Testing Command=-all IP=192.0.34.166 Domain=test8.spam.co.nz
HostName=test8.spam.co.nz Result=FAIL
-----------------------------------------------------
Result: neutral
v=spf1 ip4:1.1.1.255/16
Processing Domain: test9.spam.co.nz SPF record: v=spf1 ip4:1.1.1.255/16
Testing Command=ip4:1.1.1.255/16 IP=192.0.34.166 Domain=test9.spam.co.nz
HostName=test9.spam.co.nz Result=NEUTRAL
-----------------------------------------------------
Result: fail
v=spf1 ip4:1.1.1.0/2 -all
Processing Domain: test10.spam.co.nz SPF record: v=spf1 ip4:1.1.1.0/2 -all
Testing Command=ip4:1.1.1.0/2 IP=192.0.34.166 Domain=test10.spam.co.nz
HostName=test10.spam.co.nz Result=NEUTRAL
Testing Command=-all IP=192.0.34.166 Domain=test10.spam.co.nz
HostName=test10.spam.co.nz Result=FAIL
-----------------------------------------------------
Result: permerror
Reason: Unknown mechanism found '1.1.1.0/24'.
v=spf1 ip4 1.1.1.0/24 -all
Processing Domain: test11.spam.co.nz SPF record: v=spf1 ip4 1.1.1.0/24 -all
-----------------------------------------------------
Result: permerror
Reason: Incorrect usage of 'ip4' mechanism. Expected suffix.
v=spf1 ip4: 1.1.1.0/24 -all
Processing Domain: test12.spam.co.nz SPF record: v=spf1 ip4: 1.1.1.0/24 -all
-----------------------------------------------------
Result: permerror
Reason: Incorrect usage of 'a' mechanism. Expected (domain-spec).
v=spf1 a:219.88.242.0/27 -all
Processing Domain: test13.spam.co.nz SPF record: v=spf1
a:219.88.242.0/27 -all
-----------------------------------------------------
Result: fail
v=spf1 a:219.88.242.com -all
Processing Domain: test14.spam.co.nz SPF record: v=spf1
a:219.88.242.com -all
Testing Command=a:219.88.242.com IP=192.0.34.166 Domain=test14.spam.co.nz
HostName=test14.spam.co.nz Result=NEUTRAL
Testing Command=-all IP=192.0.34.166 Domain=test14.spam.co.nz
HostName=test14.spam.co.nz Result=FAIL
-----------------------------------------------------
Result: permerror
Reason: Incorrect usage of 'a' mechanism. Expected fully qualified domain
name.
v=spf1 a:spam.co.nz.255 -all
Processing Domain: test15.spam.co.nz SPF record: v=spf1
a:spam.co.nz.255 -all
-----------------------------------------------------

</SnipFromOutterThread>
"Craig Whitmore" <lennon@orcon.net.nz> wrote in message
news:015b01c6c7e4$db2fed60$de0dea3c@office.orcon.net.nz...
>
> Its not very good in picking up common errors that people make. Compare
> Scott's SPF results against yours for
> testX.spam.co.nz (X=1->15)
>
> But I guess this is why we need a "common" test.
>
> Thanks
> Craig
<SnipFromOutterThread>



-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

On Sat, 26 Aug 2006, Monte Hansen wrote:

> I've reran against the later bits and have come up with results consistent
> with Kitterman's page (below). There's one exception for test5.spam.co.nz
> which http://stashsoft/spf/test.aspx results in fail, and
> http://www.kitterman.com/spf/validate.htm results in permerror. Our's
> behaves as designed according to our interpretation of the RFC. I had
> planned on raising this and other questions when the final test suite comes
> out.

I've added this test to the suite:

description: >-
ip4 syntax
tests:
cidr-0-ok:
description: |-
CIDR-0 always matches
ip4-cidr-length = "/" 1*DIGIT
spec: 5.6/2
helo: mail.example.com
host: 1.2.3.4
mailfrom: foo@e1.example.com
result: pass
zonedata:
mail.example.com:
- A: 1.2.3.4
e1.example.com:
- SPF: v=spf1 ip4:1.1.1.1/0 -all

Pyspf is (was - about to fix) wrong on this test because /0 is clearly allowed
syntactically. It might be worth a Warning if /0 is preceded by
anything other than 0.0.0.0.

Now, what about /33 ? The RFC syntax allows it.

tests:
cidr-32:
description: >-
CIDR 32 matches exactly
spec: 5.6/3
helo: mail.example.com
host: 1.2.3.4
mailfrom: foo@e2.example.com
result: pass
cidr-33:
description: >-
CIDR >33 never matches
spec: 5.6/3
helo: mail.example.com
host: 1.2.3.4
mailfrom: foo@e3.example.com
result: fail
zonedata:
mail.example.com:
- A: 1.2.3.4
e2.example.com:
- SPF: v=spf1 ip4:1.2.3.4/32 -all
e3.example.com:
- SPF: v=spf1 ip4:1.2.3.4/33 -all

Should the result of cidr-33 be permerror? Or fail? Or either since
the RFC is ambiguous? Really, the test suite should have come
before the RFC ...

--
Stuart D. Gathman <stuart@bmsi.com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Monte Hansen wrote:
> Result: permerror
> Reason: Recurse depth exceeded.
> v=spf1 redirect:test3.spam.co.nz -all
> Processing Domain: test3.spam.co.nz SPF record: v=spf1
> redirect:test3.spam.co.nz -all

This is wrong, even though the result code of "PermError" is correct.
"PermError" must not be raised due to excess recursion but due to an
invalid mechanism name. There is no "redirect:" mechanism.

> Result: fail ***********
> ---------------------------------------------
> Kitterman: Results - Permanent Error SPF Permanent Error: Invalid IP4
> address: ip4:1.1.1.1/0
> v=spf1 ip4:1.1.1.1/0 -all
> Processing Domain: test5.spam.co.nz SPF record: v=spf1 ip4:1.1.1.1/0 -all

"1.1.1.1/0" is a valid << ip4-network ip4-cidr-length >> according to the
spec. The fact that the spec allows it may be of questionable rationale,
but it's still a fact. So Scott's validator and pyspf are wrong.

However, "ip4:1.1.1.1/0" should match _all_ IPv4 addresses (as opposed
to "ip4:1.1.1.1/32", which should only match 1.1.1.1), so you should
really be getting a "Pass", not a "Fail" (let alone a "PermError"), unless
the connection comes from an IPv6 address.

BTW, your usage of the term "command" for what the spec calls "mechanism"
is confusing.

> Result: permerror
> Reason: Unknown mechanism found '1.1.1.0/24'.
> v=spf1 ip4 1.1.1.0/24 -all
> Processing Domain: test11.spam.co.nz SPF record: v=spf1 ip4
1.1.1.0/24 -all

Again, correct result, but for the wrong reason. "ip4" on its own is not a
valid mechanism (nor is "ip4:", as test12 correctly assumes).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE82p5wL7PKlBZWjsRAhMgAJwKCdP+1zTRe0+0OG7oxBaUPlw54gCg4uMi
zbBtycuWj4M+c0KsPIFyRAg=
=oXnm
-----END PGP SIGNATURE-----

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stuart D. Gathman wrote:
> I've added this test to the suite:
>
> description: >-
> ip4 syntax
> tests:
> cidr-0-ok:
> description: |-
> CIDR-0 always matches
> ip4-cidr-length = "/" 1*DIGIT
> spec: 5.6/2
> helo: mail.example.com
> host: 1.2.3.4
> mailfrom: foo@e1.example.com
> result: pass
> zonedata:
> mail.example.com:
> - A: 1.2.3.4
> e1.example.com:
> - SPF: v=spf1 ip4:1.1.1.1/0 -all

Good.

Be careful about the indentations of the records ("- TYPE: DATA"), though.
I'm not positive whether the above is legal YAML, as it mixes mappings
("mail.example.com:") with list items ("- ...") on the same level. At the
very least, the YAML Perl module rejects it. (The YAML Perl module was
written by one of the inventors of YAML, however it's based on an older
revision of the YAML spec, so it's theoretically possible that it's simply
out of date.)

> Now, what about /33 ? The RFC syntax allows it.
>
> tests:
> cidr-32:
> ...
> cidr-33:
> ...

Please call those "cidr4-32" and "cidr4-33". "/33" is very well allowed
for IPv6 CIDRs.

> Should the result of cidr-33 be permerror? Or fail? Or either since
> the RFC is ambiguous?

It is tempting to allow both due to the spec being mute about it. But I
think the right thing to do would be to consider an ip4-cidr-length of
"/33" outlawed. It simply doesn't make any sense, just like "x div 0".
It's an error that the record owner should be made aware of ASAP, just
like the other reasons for "PermError".

> Really, the test suite should have come before the RFC ...

Yeah. Let's do a test suite before blessing any future SPF spec.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE821IwL7PKlBZWjsRAk7ZAKC1OcGL4+OkqW9Z6Hn+eCVL/m9SOACgoGn1
PTWZ9652XnT7JBoZTxSw3+k=
=QOph
-----END PGP SIGNATURE-----

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

Julian Mehnle wrote:

> I think the right thing to do would be to consider an
> ip4-cidr-length of "/33" outlawed. It simply doesn't make
> any sense, just like "x div 0". It's an error that the
> record owner should be made aware of ASAP, just like the
> other reasons for "PermError".

+1 But don't get carried away, checking that the IP is a
plausible public IP would go too far, unless it's covered by
a MUST or SHOULD somewhere in the RFC - but I think it isn't.

Frank


-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frank Ellermann wrote:
> [...] But don't get carried away, checking that the IP is a plausible
> public IP would go too far, unless it's covered by a MUST or SHOULD
> somewhere in the RFC - but I think it isn't.

Of course it isn't. SPF and RFC 1918 (or IPv6's equivalent) are ortho-
gonal. It's very well possible to use SPF and your own DNS space within a
network using private IP address space.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE9AunwL7PKlBZWjsRAtiaAKC/3TBqMz9p8g1BvANkw00/9O86wwCghB4t
dEz0cCwiPeX1cLcvFzTe0ro=
=yY0k
-----END PGP SIGNATURE-----

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

Several corrections and improvements made according to your comments, save
the cidr-related items. Another beast to tackle later =).

Thank you Julian.

Monte Hansen

"Julian Mehnle" <julian@mehnle.net> wrote in message
news:200608282213.13183.julian@mehnle.net...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Monte Hansen wrote:
>> Result: permerror
>> Reason: Recurse depth exceeded.
>> v=spf1 redirect:test3.spam.co.nz -all
>> Processing Domain: test3.spam.co.nz SPF record: v=spf1
>> redirect:test3.spam.co.nz -all
>
> This is wrong, even though the result code of "PermError" is correct.
> "PermError" must not be raised due to excess recursion but due to an
> invalid mechanism name. There is no "redirect:" mechanism.
>
>> Result: fail ***********
>> ---------------------------------------------
>> Kitterman: Results - Permanent Error SPF Permanent Error: Invalid IP4
>> address: ip4:1.1.1.1/0
>> v=spf1 ip4:1.1.1.1/0 -all
>> Processing Domain: test5.spam.co.nz SPF record: v=spf1 ip4:1.1.1.1/0 -all
>
> "1.1.1.1/0" is a valid << ip4-network ip4-cidr-length >> according to the
> spec. The fact that the spec allows it may be of questionable rationale,
> but it's still a fact. So Scott's validator and pyspf are wrong.
>
> However, "ip4:1.1.1.1/0" should match _all_ IPv4 addresses (as opposed
> to "ip4:1.1.1.1/32", which should only match 1.1.1.1), so you should
> really be getting a "Pass", not a "Fail" (let alone a "PermError"), unless
> the connection comes from an IPv6 address.
>
> BTW, your usage of the term "command" for what the spec calls "mechanism"
> is confusing.
>
>> Result: permerror
>> Reason: Unknown mechanism found '1.1.1.0/24'.
>> v=spf1 ip4 1.1.1.0/24 -all
>> Processing Domain: test11.spam.co.nz SPF record: v=spf1 ip4
> 1.1.1.0/24 -all
>
> Again, correct result, but for the wrong reason. "ip4" on its own is not
> a
> valid mechanism (nor is "ip4:", as test12 correctly assumes).
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
>
> iD8DBQFE82p5wL7PKlBZWjsRAhMgAJwKCdP+1zTRe0+0OG7oxBaUPlw54gCg4uMi
> zbBtycuWj4M+c0KsPIFyRAg=
> =oXnm
> -----END PGP SIGNATURE-----
>
> -------
> To unsubscribe, change your address, or temporarily deactivate your
> subscription,
> please go to
> http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
>



-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com