Mailing List Archive

SPF Test
Ok, I've been reading this forum for awhile and after realizing that
dnsstuff.com has an SPF test (man I missed that one) in addition to the one
on the official SPF web site, I did the test and it failed me yesterday even
though the other test on the SPF site passed me. I had read something about
the SPF wizard leaving quotes around the TXT string being a bad thing, so I
removed the quotes encapsulating my SPF TXT record and tested on DNS stuff
today. Overall, it passed. But there is one failure in the series of tests
it appeared to do that I have a question about:
-----------------------------------------------------
SPF lookup of sender fdickey@v-sources.com from IP 64.139.78.162:


SPF string used: v=spf1 ip4:64.139.78.162 mx a:mail.v-sources.com mx:mail.v-sources.com -all.
Processing SPF string: v=spf1 ip4:64.139.78.162 mx a:mail.v-sources.com mx:mail.v-sources.com -all.
Testing 'ip4:64.139.78.162' on IP=64.139.78.162, target domain 64.139.78.162, CIDR 32, default=PASS. MATCH!
Testing 'mx' on IP=64.139.78.162, target domain v-sources.com, CIDR 32, default=PASS.
Testing 'a:mail.v-sources.com' on IP=64.139.78.162, target domain mail.v-sources.com, CIDR 32, default=PASS.
Testing 'mx:mail.v-sources.com' on IP=64.139.78.162, target domain mail.v-sources.com, CIDR 32, default=PASS.
Testing 'all' on IP=64.139.78.162, target domain v-sources.com, CIDR 32, default=FAIL.
<<<---this is the one ????
Result: PASS


Known Issues:
None.
-------------------------------------

In this test, everything appears to pass except for the last test "Testing
'all'". I am assuming that this is because I have the -all at the end of my
TXT record indicating that no other servers are allowed to send email that
is not specified directly in the TXT record. In that case, that's exactly
what I would want to fail. Is this a correct assumption or do I still need
to resolve an issue with my SPF record?

My SPF record appears as follows:

"v=spf1 ip4:64.139.78.162 mx a:mail.v-sources.com mx:mail.v-sources.com -all"

It's strange that DNSstuff failed me yesterday when the registration site
for SPF passed me a few weeks ago. LOL.

BTW, I'm aware that my reverse DNS resolves back to the hostname assigned by
my ISP. In the future, will this matter? Will the reverse DNS hostname be
scrutinized to resolve back to the same domain as the forward DNS record? I
wouldn't think so, since the reverse hostname record for my ISP will
eventually lead back to me through their records if someone really wanted to
find out who was sending what, but I could be wrong. Would it be best
practice to update the reverse record or does it matter?

Thanks in advance for anyone's input.

Fred Dickey, IT Support Specialist
Virtual Resources, Inc.
Web: www.v-sources.com


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
Re: SPF Test
That can't be quite right.

My domains work in dnsstuff.com and have quotes around the domain.

sample string, using BIND 8.4.4 on my end for DNS.

pique.net. IN TXT "v=spf1 a mx ptr ip4:216.254.34.250 -all"

queried in dnsstuff returns:

pique.net. TXT IN 3600000 "v=spf1 a mx ptr ip4:216.254.34.250 -all"

And using the other test

SPF lookup of sender droid@pique.net from IP 216.254.34.250:

SPF string used: v=spf1 a mx ptr ip4:216.254.34.250 -all.

Processing SPF string: v=spf1 a mx ptr ip4:216.254.34.250 -all.
Testing 'a' on IP=216.254.34.250, target domain pique.net, CIDR 32, default=PASS. MATCH!
Testing 'mx' on IP=216.254.34.250, target domain pique.net, CIDR 32, default=PASS.
Testing 'ptr' on IP=216.254.34.250, target domain pique.net, CIDR 32, default=PASS.
Testing 'ip4:216.254.34.250' on IP=216.254.34.250, target domain 216.254.34.250, CIDR 32, default=PASS.
Testing 'all' on IP=216.254.34.250, target domain pique.net, CIDR 32, default=FAIL.
Result: PASS


What I think might be occurring in your case is your A and PTR don't match
for your IP:

$ host 64.139.78.162
162.78.139.64.IN-ADDR.ARPA domain name pointer
64-139-78-162-ubr01a-shrpsr01-tn.hfc.comcastbusiness.net

But while

$ host mail.v-sources.com
mail.v-sources.com has address 64.139.78.162

The folks at Comcast have kept the PTR record for themselves, it would seem.
That I think is what the report you're getting is saying.. the way the internet
was supposed to work (tm) was that mail servers would have forward and reverse
DNS that matches. A lot of mail agents will kindly overlook this and
deliver mail anyway -- but that's another whole issue. Something SPF is
in a roundabout way seeking to fix, is that we got way too loose with what
we allowed to be delivered in the way of a message. The assumption pre-spammers
was "every best faith effort will be made to deliver the mail" and that has led
to some allowing of weirdly wrong configurations for DNS over the years.

+-------------------------
+ Dave Dennis
+ Seattle, WA
+ dmd@speakeasy.org
+ http://www.dmdennis.com
+-------------------------

On Tue, 27 Jul 2004, Fred Dickey wrote:

> Ok, I've been reading this forum for awhile and after realizing that
> dnsstuff.com has an SPF test (man I missed that one) in addition to the one
> on the official SPF web site, I did the test and it failed me yesterday even
> though the other test on the SPF site passed me. I had read something about
> the SPF wizard leaving quotes around the TXT string being a bad thing, so I
> removed the quotes encapsulating my SPF TXT record and tested on DNS stuff
> today. Overall, it passed. But there is one failure in the series of tests
> it appeared to do that I have a question about:
> -----------------------------------------------------
> SPF lookup of sender fdickey@v-sources.com from IP 64.139.78.162:
>
>
> SPF string used: v=spf1 ip4:64.139.78.162 mx a:mail.v-sources.com
> mx:mail.v-sources.com -all.
> Processing SPF string: v=spf1 ip4:64.139.78.162 mx a:mail.v-sources.com
> mx:mail.v-sources.com -all.
> Testing 'ip4:64.139.78.162' on IP=64.139.78.162, target domain
> 64.139.78.162, CIDR 32, default=PASS. MATCH!
> Testing 'mx' on IP=64.139.78.162, target domain v-sources.com, CIDR 32,
> default=PASS. Testing 'a:mail.v-sources.com' on IP=64.139.78.162, target
> domain mail.v-sources.com, CIDR 32, default=PASS. Testing
> 'mx:mail.v-sources.com' on IP=64.139.78.162, target domain
> mail.v-sources.com, CIDR 32, default=PASS. Testing 'all' on
> IP=64.139.78.162, target domain v-sources.com, CIDR 32, default=FAIL.
> <<<---this is the one ????
> Result: PASS
>
>
> Known Issues:
> None.
> -------------------------------------
>
> In this test, everything appears to pass except for the last test "Testing
> 'all'". I am assuming that this is because I have the -all at the end of my
> TXT record indicating that no other servers are allowed to send email that
> is not specified directly in the TXT record. In that case, that's exactly
> what I would want to fail. Is this a correct assumption or do I still need
> to resolve an issue with my SPF record?
>
> My SPF record appears as follows:
>
> "v=spf1 ip4:64.139.78.162 mx a:mail.v-sources.com mx:mail.v-sources.com
> -all"
>
> It's strange that DNSstuff failed me yesterday when the registration site
> for SPF passed me a few weeks ago. LOL.
>
> BTW, I'm aware that my reverse DNS resolves back to the hostname assigned by
> my ISP. In the future, will this matter? Will the reverse DNS hostname be
> scrutinized to resolve back to the same domain as the forward DNS record? I
> wouldn't think so, since the reverse hostname record for my ISP will
> eventually lead back to me through their records if someone really wanted to
> find out who was sending what, but I could be wrong. Would it be best
> practice to update the reverse record or does it matter?
>
> Thanks in advance for anyone's input.
>
> Fred Dickey, IT Support Specialist
> Virtual Resources, Inc.
> Web: www.v-sources.com
>
>

Re: SPF Test
Hi,

I've been wading through a huge backlog of mail, so forgive me if this
makes no sense, but:

On Tue, Jul 27, 2004 at 10:09:06AM -0400, Fred Dickey wrote:
> SPF string used: v=spf1 ip4:64.139.78.162 mx a:mail.v-sources.com
> mx:mail.v-sources.com -all.
> Processing SPF string: v=spf1 ip4:64.139.78.162 mx a:mail.v-sources.com
> mx:mail.v-sources.com -all.
> Testing 'ip4:64.139.78.162' on IP=64.139.78.162, target domain
> 64.139.78.162, CIDR 32, default=PASS. MATCH!
> Testing 'mx' on IP=64.139.78.162, target domain v-sources.com, CIDR 32,
> default=PASS. Testing 'a:mail.v-sources.com' on IP=64.139.78.162, target
> domain mail.v-sources.com, CIDR 32, default=PASS. Testing
> 'mx:mail.v-sources.com' on IP=64.139.78.162, target domain
> mail.v-sources.com, CIDR 32, default=PASS. Testing 'all' on
> IP=64.139.78.162, target domain v-sources.com, CIDR 32, default=FAIL.
> <<<---this is the one ????
> Result: PASS

Doesn't the Result: PASS mean the final SPF result is PASS?

If I look at vsources.com:

v-sources.com. 600 IN A 10.14.10.70
v-sources.com. 600 IN A 10.14.10.91

see how 64.139.78.162 is not there (in fact, having 10.x.x.x addresses in
there is a bit odd at the least I think).

Oh wait, it doesn't matter..

It's just 'default=FAIL', since it is -all. What counts is 'Result:
PASS' meaning that the spf result is PASS.

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

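The evaluation order discussed in the messages above, as an added example that is not part of the original thread: each SPF mechanism carries its own qualifier result (the tester's "default=" column), and the first mechanism that matches the connecting IP decides the outcome, so the 'fail' attached to -all only applies when nothing earlier matched. The DNS tables are constructed stand-ins for live lookups; the MX target for v-sources.com is an assumption, and only the ip4, a, mx and all mechanisms are handled.

```python
import ipaddress

# Constructed DNS data standing in for live lookups. The A records are the
# values quoted in the thread; the MX target is an assumption.
DNS_A = {
    "v-sources.com": ["10.14.10.70", "10.14.10.91"],
    "mail.v-sources.com": ["64.139.78.162"],
}
DNS_MX = {"v-sources.com": ["mail.v-sources.com"]}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
RECORD = ("v=spf1 ip4:64.139.78.162 mx a:mail.v-sources.com "
          "mx:mail.v-sources.com -all")


def mechanism_matches(name, arg, cidr, ip, domain):
    """True if one mechanism matches the connecting IP ('all' always does)."""
    if name == "all":
        return True
    target = arg or domain
    if name == "ip4":
        addrs = [arg]
    elif name == "a":
        addrs = DNS_A.get(target, [])
    elif name == "mx":
        addrs = [a for h in DNS_MX.get(target, []) for a in DNS_A.get(h, [])]
    else:
        raise ValueError(f"mechanism not handled in this example: {name}")
    return any(ip in ipaddress.ip_network(f"{a}/{cidr}", strict=False)
               for a in addrs)


def check_spf(record, ip_text, domain):
    """Return (result, trace); trace lists every term like the web tester."""
    ip = ipaddress.ip_address(ip_text)
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none", []
    result, trace = None, []
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        body = term[1:] if term[0] in QUALIFIERS else term
        body, _, cidr = body.partition("/")
        name, _, arg = body.partition(":")
        matched = mechanism_matches(name, arg, cidr or "32", ip, domain)
        trace.append((term, QUALIFIERS[qualifier], matched))
        if matched and result is None:   # first match wins; later terms
            result = QUALIFIERS[qualifier]  # are traced but cannot change it
    return result or "neutral", trace
```

Calling check_spf(RECORD, "64.139.78.162", "v-sources.com") returns "pass" with a trace whose last entry is the -all term carrying "fail"; the same record checked against an address it does not list falls through to -all and returns "fail".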
RE: SPF Test
I just cleaned that up. Didn't realize that was still in there.
V-sources.com should now resolve to our public IP instead of the private IP
of our gateway server. Thanks for pointing that out to me. It must have
auto-configured that at some point. It is Microsoft DNS server after all.

Fred Dickey, IT Support Specialist
Virtual Resources, Inc.
Web: www.v-sources.com

On Tue, Jul 27, 2004 at 10:09:06AM -0400, Fred Dickey wrote:
> SPF string used: v=spf1 ip4:64.139.78.162 mx a:mail.v-sources.com
> mx:mail.v-sources.com -all.
> Processing SPF string: v=spf1 ip4:64.139.78.162 mx a:mail.v-sources.com
> mx:mail.v-sources.com -all.
> Testing 'ip4:64.139.78.162' on IP=64.139.78.162, target domain
> 64.139.78.162, CIDR 32, default=PASS. MATCH!
> Testing 'mx' on IP=64.139.78.162, target domain v-sources.com, CIDR 32,
> default=PASS. Testing 'a:mail.v-sources.com' on IP=64.139.78.162, target
> domain mail.v-sources.com, CIDR 32, default=PASS. Testing
> 'mx:mail.v-sources.com' on IP=64.139.78.162, target domain
> mail.v-sources.com, CIDR 32, default=PASS. Testing 'all' on
> IP=64.139.78.162, target domain v-sources.com, CIDR 32, default=FAIL.
> <<<---this is the one ????
> Result: PASS

Doesn't the Result: PASS mean the final SPF result is PASS?

If I look at vsources.com:

v-sources.com. 600 IN A 10.14.10.70
v-sources.com. 600 IN A 10.14.10.91

see how 64.139.78.162 is not there (in fact, having 10.x.x.x addresses in
there is a bit odd at the least I think).

Oh wait, it doesn't matter..

It's just 'default=FAIL', since it is -all. What counts is 'Result:
PASS' meaning that the spf result is PASS.

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/
