> The SPF check returns "error" to indicate the fact that the DNS lookup
> has failed. If you'd like, you can configure the "error" status as a
> mail rejection status. It's entirely up to you, how you want to handle
> DNS lookup failures.
>
> But, of course, you understand that every DNS lookup failure will
> result in rejected mail. Even from IP addresses whose SPF check would
> otherwise pass, and from domains with no SPF records at all.
That makes the SPF-check entirely useless for domains like that. If I
reject error status, I would reject all mails from such a domain, even
when the sender matches one of the other rules (a, ptr).
RFC4408 Section 5.4. <https://tools.ietf.org/pdf/rfc4408.pdf#61> only
states:
> If the <target-name> has no MX records, check_host() MUST NOT pretend
> the target is its single MX, and MUST NOT default to an A lookup on
> the <target-name> directly.
Note that it doesn't say the SPF-check should return an error, but only
that it must not default to an A lookup.
RFC4408 Section 5.0. <https://tools.ietf.org/pdf/rfc4408.pdf#53> states:
> If the server returns "domain does not exist" (RCODE 3), then
> evaluation of the mechanism continues as if the server returned no
> error (RCODE 0) and zero answer records.
I read that as: if there is no MX record, the SPF-check should ignore
the mx-directive.
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
