|Subject:||spf2 record includes spf1 record|
|Date:||Tue, 29 Mar 2011 18:13:16 -0600|
|To:||"bug-mail-spf [...] rt.cpan.org" <bug-mail-spf [...] rt.cpan.org>|
|From:||J D Falk <jdfalk [...] returnpath.net>|
We've run into an interesting issue -- not sure if it's a bug, or a difference in interpretation. The spf2.0/pra record for vodafone.it has two include statements: vodafone.it text = "v=spf1 include:spf1.vodafone.it include:aspmx.googlemail.com include:t.contactlab.it ~all" vodafone.it text = "spf2.0/pra include:spf2.vodafone.it include:aspmx.googlemail.com include:senderid-a.contactlab.it -all" Google's included record redirects to a record which is only spf1: aspmx.googlemail.com text = "v=spf1 redirect=_spf.google.com" _spf.google.com text = "v=spf1 ip4:22.214.171.124/19 ip4:126.96.36.199/19 ip4:188.8.131.52/20 ip4:184.108.40.206/18 ip4:220.127.116.11/17 ip4:18.104.22.168/20 ip4:22.214.171.124/16 ip4:126.96.36.199/20 ip4:188.8.131.52/20 ip4:184.108.40.206/16 ?all" One possible interpretation is that when processing spf2 records & includes, spf1 records should be ignored -- we believe that's what Mail::SPF is doing when it says "Included domain \'aspmx.googlemail.com\' has no applicable sender policy." Another is to interpret the included spf1 record the way SenderID interprets standalone spf1 records, which we're pretty sure is what Microsoft is doing when they mark the same message as having passed. But since only Microsoft cares about SenderID these days, our clients want our tools to act the way theirs do -- and we use Mail::SPF. Is this behavior configurable? Or is something else going on? -- J.D. Falk Editor, The Received: Blog Return Path Inc.