Mailing List Archive

SPF TXT record peculiarities
Hi -

we're seeing SPF fails for various domains and wondering if it's our
verification software (apache jSPF) or the TXT record.

$ host -t txt about.com
;; Truncated, retrying in TCP mode.
about.com descriptive text "v=spf1 ip4:207.241.148.60 ip4:207.241.148.40
ip4:207.241.148.227 ip4:207.241.145.5 ip4:207.241.145.6
ip4:207.241.149.197 ip4:207.241.148.39 ip4:207.241.148.226
ip4:207.241.148.227 ip4:207.241.148.64 ip4:207.241.148.228" "
a:mclist.about.com a:ablist.about.com a:smtp.about.com a:mxc1s.about.com
a:smtpapps.about.com a:listserv1.about.com a:listserv2.about.com
a:mail.about.com a:om1.about.com -all"

...the extra ...228" " a:mclist... section looks like a mistake (perhaps
in a SPF record-generator? There are a few domains that have a similar
thing going on). I'm not familiar enough with the TXT record syntax or
the host command to actually call their TXT record "broken".

Is that malformed, or is jSPF just not parsing robustly enough? Thanks
for any insight!

-c


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: SPF TXT record peculiarities
> Hi -
>
> we're seeing SPF fails for various domains and wondering if it's our
> verification software (apache jSPF) or the TXT record.
>
> $ host -t txt about.com
> ;; Truncated, retrying in TCP mode.
> about.com descriptive text "v=spf1 ip4:207.241.148.60 ip4:207.241.148.40
> ip4:207.241.148.227 ip4:207.241.145.5 ip4:207.241.145.6
> ip4:207.241.149.197 ip4:207.241.148.39 ip4:207.241.148.226
> ip4:207.241.148.227 ip4:207.241.148.64 ip4:207.241.148.228" "
> a:mclist.about.com a:ablist.about.com a:smtp.about.com a:mxc1s.about.com
> a:smtpapps.about.com a:listserv1.about.com a:listserv2.about.com
> a:mail.about.com a:om1.about.com -all"
>
> ...the extra ...228" " a:mclist... section looks like a mistake (perhaps
> in a SPF record-generator? There are a few domains that have a similar
> thing going on). I'm not familiar enough with the TXT record syntax or
> the host command to actually call their TXT record "broken".

This is correct. Multi-string TXT records are not unusual and RFC 4408
calls for strings to just be concatenated with no spacing added, so that
leading space is correct and essential.

> Is that malformed, or is jSPF just not parsing robustly enough? Thanks
> for any insight!

A possible problem is that the record is large enough to require TCP
fallback and it is totally not rare for DNS over TCP to be firewalled. It
may be that your data is being blocked somewhere. What are the exact mail
log entries from a failure?

Scott K
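
The concatenation rule from the reply above, as an added example (not code from the thread or from jSPF): the quoted strings are joined with nothing in between and only then split into terms, while a tokeniser that works on the quoted text itself produces terms such as `ip4:207.241.148.228"`. The function names, the simplified term check and the mid-term sample are assumptions made for this illustration.

```python
import ipaddress
import re

# TXT rdata as `host -t txt` printed it in the thread (mail line wraps rejoined):
# two quoted character-strings, the second one beginning with a space.
RDATA = (
    '"v=spf1 ip4:207.241.148.60 ip4:207.241.148.40 ip4:207.241.148.227 '
    'ip4:207.241.145.5 ip4:207.241.145.6 ip4:207.241.149.197 '
    'ip4:207.241.148.39 ip4:207.241.148.226 ip4:207.241.148.227 '
    'ip4:207.241.148.64 ip4:207.241.148.228" '
    '" a:mclist.about.com a:ablist.about.com a:smtp.about.com '
    'a:mxc1s.about.com a:smtpapps.about.com a:listserv1.about.com '
    'a:listserv2.about.com a:mail.about.com a:om1.about.com -all"'
)
# Constructed sample: the string boundary falls in the middle of a term.
SPLIT_MID_TERM = '"v=spf1 ip4:192.0.2." "10 -all"'
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}

def character_strings(rdata):
    """Extract the quoted character-strings and undo backslash escapes."""
    found = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    return [re.sub(r"\\(.)", r"\1", s) for s in found]

def spf_terms(rdata):
    """Concatenate the strings with no separator, then split on spaces."""
    record = "".join(character_strings(rdata))
    return [t for t in record.split(" ") if t]

def naive_terms(rdata):
    """Hypothetical buggy tokeniser: splits the quoted text, quotes included."""
    return rdata.split()

def is_valid_term(term):
    """Simplified syntactic check, not the full RFC 4408 grammar."""
    if term == "v=spf1":
        return True
    name, _, arg = term.lstrip("+-~?").lower().partition(":")
    if name not in MECHANISMS:
        return False
    if name == "ip4":
        try:
            ipaddress.IPv4Network(arg, strict=False)
        except ValueError:
            return False
    return True

def invalid_terms(terms):
    return [t for t in terms if not is_valid_term(t)]
```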


Re: SPF TXT record peculiarities
Thanks for the reply and the ideas!

I think it's jSPF. The error it gives is:

Term [ip4:207.241.148.228"] is not syntactically valid: ...

Sounds like parsing to me.. Or if it does have something to do with
firewalling then certainly not a graceful handling of the situation. I'll
check with them and see what they have to say...

-c

Scott Kitterman wrote:
>> Hi -
>>
>> we're seeing SPF fails for various domains and wondering if it's our
>> verification software (apache jSPF) or the TXT record.
>>
>> $ host -t txt about.com
>> ;; Truncated, retrying in TCP mode.
>> about.com descriptive text "v=spf1 ip4:207.241.148.60 ip4:207.241.148.40
>> ip4:207.241.148.227 ip4:207.241.145.5 ip4:207.241.145.6
>> ip4:207.241.149.197 ip4:207.241.148.39 ip4:207.241.148.226
>> ip4:207.241.148.227 ip4:207.241.148.64 ip4:207.241.148.228" "
>> a:mclist.about.com a:ablist.about.com a:smtp.about.com a:mxc1s.about.com
>> a:smtpapps.about.com a:listserv1.about.com a:listserv2.about.com
>> a:mail.about.com a:om1.about.com -all"
>>
>> ...the extra ...228" " a:mclist... section looks like a mistake (perhaps
>> in a SPF record-generator? There are a few domains that have a similar
>> thing going on). I'm not familiar enough with the TXT record syntax or
>> the host command to actually call their TXT record "broken".
>>
>
> This is correct. Multi-string TXT records are not unusual and RFC 4408
> calls for strings to just be concatenated with no spacing added, so that
> leading space is correct and essential.
>
>
>> Is that malformed, or is jSPF just not parsing robustly enough? Thanks
>> for any insight!
>>
>
> A possible problem is that the record is large enough to require TCP
> fallback and it is totally not rare for DNS over TCP to be firewalled. It
> may be that your data is being blocked somewhere. What are the exact mail
> log entries from a failure?
>
> Scott K


Re: SPF TXT record peculiarities
Confirmed as a jSPF bug. They're on top of it, and getting a new release
out for it, perhaps soon.

https://issues.apache.org/jira/browse/JSPF-72

Thanks,
-c

Scott Kitterman wrote:
>> Hi -
>>
>> we're seeing SPF fails for various domains and wondering if it's our
>> verification software (apache jSPF) or the TXT record.
>>
>> $ host -t txt about.com
>> ;; Truncated, retrying in TCP mode.
>> about.com descriptive text "v=spf1 ip4:207.241.148.60 ip4:207.241.148.40
>> ip4:207.241.148.227 ip4:207.241.145.5 ip4:207.241.145.6
>> ip4:207.241.149.197 ip4:207.241.148.39 ip4:207.241.148.226
>> ip4:207.241.148.227 ip4:207.241.148.64 ip4:207.241.148.228" "
>> a:mclist.about.com a:ablist.about.com a:smtp.about.com a:mxc1s.about.com
>> a:smtpapps.about.com a:listserv1.about.com a:listserv2.about.com
>> a:mail.about.com a:om1.about.com -all"
>>
>> ...the extra ...228" " a:mclist... section looks like a mistake (perhaps
>> in a SPF record-generator? There are a few domains that have a similar
>> thing going on). I'm not familiar enough with the TXT record syntax or
>> the host command to actually call their TXT record "broken".
>>
>
> This is correct. Multi-string TXT records are not unusual and RFC 4408
> calls for strings to just be concatenated with no spacing added, so that
> leading space is correct and essential.
>
>
>> Is that malformed, or is jSPF just not parsing robustly enough? Thanks
>> for any insight!
>>
>
> A possible problem is that the record is large enough to require TCP
> fallback and it is totally not rare for DNS over TCP to be firewalled. It
> may be that your data is being blocked somewhere. What are the exact mail
> log entries from a failure?
>
> Scott K

