Hey all, got a dubious claim I read today that's somewhat of a
head-scratcher.
Let's lay out the scenario.

* The following DNS answers are returned when queried (pseudocode):
    o domain.com IN TXT "v=spf1 -all"
    o test.domain.com IN TXT - NXDOMAIN
    o _dmarc.test.domain.com IN TXT - NXDOMAIN
    o _dmarc.domain.com IN TXT - NXDOMAIN
* An email is sent with the RFC5321.mailfrom and RFC5322.from
  "t...@test.domain.com".
* The email is not signed with DKIM.
* The HELO FQDN has an SPF record with the corresponding MTA's IP in it.

This claim stated that (and I'm quoting verbatim here), "/I forced many
ESPs to start failing SPF for any subdomain of a domain that has no
explicit SPF, and fails SPF at the *primary domain level*/ (Context
note: when /v=spf1 -all/ exists at the primary domain)".
Has anyone observed or heard of this SPF treewalk-esque evaluation logic
being used by Receivers when an empty SPF fail policy is used at the
organizational domain, but the subdomain used for SPF evaluation doesn't
exist?
- Mark Alley
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
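
The scenario in the post above, as an added example that is not part of the original message: it compares the RFC 7208 check_host() outcome for the NXDOMAIN subdomain with a hypothetical tree-walking receiver of the kind the quoted claim describes. The zone data is constructed; the HELO name `mta.helo.example`, the address `192.0.2.25`, and the function names are assumptions, and only the `ip4` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed zone mirroring the post's scenario; a missing name means NXDOMAIN.
# The HELO name and the 192.0.2.25 address are assumed placeholders.
ZONE = {
    "domain.com": ["v=spf1 -all"],
    "mta.helo.example": ["v=spf1 ip4:192.0.2.25 -all"],
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def txt_lookup(name):
    """Return (rcode, TXT records) from the constructed zone."""
    return ("NOERROR", ZONE[name]) if name in ZONE else ("NXDOMAIN", [])

def evaluate(record, ip):
    """Evaluate only the mechanisms used here (ip4 and all), left to right."""
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return RESULTS[qualifier]
        if mech.startswith("ip4:"):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ipaddress.ip_address(ip) in net:
                return RESULTS[qualifier]
    return "neutral"  # RFC 7208 default when no mechanism matches

def check_host(ip, domain):
    """RFC 7208 section 4: NXDOMAIN or no SPF record yields "none"."""
    rcode, txts = txt_lookup(domain)
    spf = [t for t in txts if t.lower().split(" ")[0] == "v=spf1"]
    if rcode == "NXDOMAIN" or not spf:
        return "none"
    if len(spf) > 1:
        return "permerror"
    return evaluate(spf[0], ip)

def check_host_treewalk(ip, domain):
    """Hypothetical receiver logic matching the quoted claim (not RFC 7208):
    on "none", retry each parent domain, stopping before the bare TLD."""
    labels = domain.split(".")
    for i in range(len(labels) - 1):
        result = check_host(ip, ".".join(labels[i:]))
        if result != "none":
            return result
    return "none"

if __name__ == "__main__":
    for fn in (check_host, check_host_treewalk):
        print(fn.__name__, fn("192.0.2.25", "test.domain.com"))
```

For the MAIL FROM identity, the standard evaluation returns "none" while the tree-walk variant inherits "fail" from domain.com; the HELO identity passes in both.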