On 01/03/2021 18.41, John Levine wrote:
> In article <8a937890-bfd7-8ee9-3818-063c12d68...@iki.fi> you write:
>>      } until match IP address connecting us or error count exceeded
>>
>> which means the error count very easily gets exceeded if your
>> email server uses IPv6 and few (or none) of the other host names in
>> the SPF record have such addresses.
> 
> That would be a fairly broken implementation.  RFC 7208 sec 4.3. says
> 
>   If the <domain> is malformed (e.g., label longer than 63 characters, 
>   zero-length label not at the end, etc.) or is not a multi-label 
>   domain name, or if the DNS lookup returns "Name Error" (RCODE 3,
>   also known as "NXDOMAIN" [RFC2308]), check_host() immediately
>   returns the result "none".  DNS RCODEs are defined in [RFC1035]. ...
> 
> If a name has an A record but no AAAA record, an AAAA lookup returns
> success with no records, often called NOERROR.  If your DNS library
> is returning NXDOMAIN in that situation, you need to find a better 
> library ASAP.

Unfortunately, RFC 7208 section 4.6.4 DNS Lookup limits also states:

   As described at the end of Section 11.1, there may be cases where it
   is useful to limit the number of "terms" for which DNS queries return
   either a positive answer (RCODE 0) with an answer count of 0, or a
   "Name Error" (RCODE 3) answer.  These are sometimes collectively
   referred to as "void lookups".  SPF implementations SHOULD limit
   "void lookups" to two.  An implementation MAY choose to make such a
   limit configurable.  In this case, a default of two is RECOMMENDED.

I read this as meaning most implementations will let you only have
two NOERRORs, and then it's game over. As I said, I doubt SPF was
intended to cause this side effect.

-- 
   /* * * Otto J. Makela <o...@iki.fi> * * * * * * * * * */
  /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
 /* Mail: Mechelininkatu 26 B 27,  FI-00100 Helsinki */
/* * * Computers Rule 01001111 01001011 * * * * * * */
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
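The interaction discussed in this message, as an added example that is not part of the original post: a minimal model of SPF "a" terms with the void-lookup counter from RFC 7208 section 4.6.4. The zone data, host names and the `lookup` / `check_a_terms` helpers are constructed for illustration, and returning permerror on the third void lookup is this example's reading of a limit of two.

```python
import ipaddress

# Constructed zone: documentation-range names and addresses, not real data.
ZONE = {
    ("mx1.example.org", "A"): ["192.0.2.1"],
    ("mx2.example.org", "A"): ["192.0.2.2"],
    ("mx3.example.org", "A"): ["192.0.2.3"],
    ("mx6.example.org", "A"): ["192.0.2.6"],
    ("mx6.example.org", "AAAA"): ["2001:db8::6"],
}
KNOWN_NAMES = {name for name, _ in ZONE}
VOID_LIMIT = 2  # default recommended by RFC 7208 section 4.6.4


def lookup(name, rrtype):
    """Hypothetical resolver stub: returns (rcode, answers)."""
    if name not in KNOWN_NAMES:
        return "NXDOMAIN", []            # RCODE 3
    return "NOERROR", ZONE.get((name, rrtype), [])  # RCODE 0, maybe empty


def check_a_terms(hosts, client_ip, void_limit=VOID_LIMIT):
    """Evaluate "a:<host>" terms in order, then "-all".

    Returns (result, void_lookups). Only the "a" mechanism is modelled.
    """
    client = ipaddress.ip_address(client_ip)
    rrtype = "AAAA" if client.version == 6 else "A"  # query type follows the connection
    voids = 0
    for host in hosts:
        rcode, answers = lookup(host, rrtype)
        if rcode == "NXDOMAIN" or not answers:
            voids += 1                   # NXDOMAIN and NOERROR/0 answers both count
            if voids > void_limit:
                return "permerror", voids
            continue
        if client in (ipaddress.ip_address(a) for a in answers):
            return "pass", voids
    return "fail", voids


if __name__ == "__main__":
    hosts = ["mx1.example.org", "mx2.example.org", "mx3.example.org", "mx6.example.org"]
    for ip in ("192.0.2.6", "2001:db8::6"):
        print(ip, check_a_terms(hosts, ip))
```

In this model the same record passes for the IPv4 client and returns permerror for the IPv6 client, because three A-only hosts are queried for AAAA before the dual-stack host is reached.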
