Alessandro Vesely <ves...@tana.it> possibly may have written:

>>> If you don't care enough to publish a valid SPF record, why should
>>> we think you care whether we deliver your mail?
>>
>> The customer in question used an ESP to send marketing emails.
>> That ESP told him what host to include in his SPF record.
>>
>> Probably some years later, that ESP changed domain and that include
>> became invalid.
>
>Did anyone take care to alert them about that error?

In my experience, most organizations don't have a good handle on their public-facing DNS (or their private, but that's a different issue), and making changes to these records is a process that the staff find fraught with confusion, career-ending moments, and fear.

The lack of self-documentation in the DNS ("Why did we put that in the DNS and who was responsible and do we still need it?") exacerbates the problem.

Fixing SPF records is not a simple thing in today's Internet-connected organizations. Alerting them of these errors seems to increase entropy rather than reduce it. Again, in my experience.

If you want to spend an amusing few moments, try querying large organizations' DNS records for TXT and count the number of "we had to put this in to verify a cert/web site/service" records that were added for one-time domain verification and are still in, years later. Sometimes there are enough that the record no longer fits in UDP and requires a TCP response...

% dig TXT unhcr.org

; <<>> DiG 9.10.6 <<>> TXT unhcr.org

;; ANSWER SECTION:
unhcr.org. 300 IN TXT "4dPjn0bLvSs+K1Q8VUB00xdR09jgiB5+coOxz3Av9vqDDYIYHPjyKl9KLiCCeD02xwqfVw19LtQ/gcVDIjgxDw=="
unhcr.org.              300     IN      TXT     "591eoor52joegqskl9ac184iqd"
unhcr.org.              300     IN      TXT     "5t8fcmfgf2nc2ndqaqs2pvdfcf"
unhcr.org.              300     IN      TXT     "8h8bhm0dhut6hn1l4do8fn85jh"
unhcr.org.              300     IN      TXT     "MS=3CE9D5FA6A0EB3B64A7A7A3F8D026EF18EA80952"
unhcr.org.              300     IN      TXT     "MS=ms93905490"
unhcr.org.              300     IN      TXT     "dt6emv4ipvnvvmv3noolv6o777"
unhcr.org.              300     IN      TXT     "gimrcjfu91s3qfhkri8g0k58r6"
unhcr.org. 300 IN TXT "google-site-verification=MLsLR2HAZQ9BMHTaAGabN7Y62_qNhrHX4F3N632MIUE"
unhcr.org. 300 IN TXT "google-site-verification=mH2vWa5Es_J_duT7AnEGWVofbE3N4ShF72gG2du8R9k"
unhcr.org.              300     IN      TXT     "iqtn0542llv1l0pnarfakldjpn"
unhcr.org.              300     IN      TXT     "p05bsp32i1jsuk7ak49t2tc2lt"
unhcr.org.              300     IN      TXT     "pj3c7mlmlrije8a3o6jqsruuc3"
unhcr.org. 300 IN TXT "teamviewer-sso-verification=56587a1763d8457ba2d7de6b280aeb19"
unhcr.org.              300     IN      TXT     "tho1nrl5f4k0t5d2j7cqp0jgm4"
unhcr.org. 300 IN TXT "v=spf1 include:spf.protection.outlook.com include:spf1.unicc.unicc.org include:spf1.unhcr.org -all"
unhcr.org. 300 IN TXT "webexdomainverification.4C675B87D61AB136E053AB06FC0A3F65=15e740df-26f8-4339-b9d8-d119e4065d24"


% dig TXT mcdonalds.com

; <<>> DiG 9.10.6 <<>> TXT mcdonalds.com
; ANSWER SECTION:

mcdonalds.com. 3600 IN TXT "amazonses:24YzB2l981UTyShDCxFnkb9onqr7EICEKxuiXuT0JsE="
mcdonalds.com. 3600 IN TXT "amazonses:2yrtLrBZnUnx460KXwTUxZ01Ud5ZLaiIxLObRgOROXw="
mcdonalds.com. 3600 IN TXT "amazonses:w61li6pZNv7ThE859iAQ4pB3r+/V0o3raZ+l+MjGGUM="
mcdonalds.com. 3600 IN TXT "bu6vtqae5ivnlcygdwdv5tlv3ouelhgc._domainkey.us.mcdonalds.com bu6vtqae5ivnlcygdwdv5tlv3ouelhgc.dkim.amazonses.com"
mcdonalds.com. 3600 IN TXT "facebook-domain-verification=kgdg0z0q8plsrhydjn7cfc4060qs7e"
mcdonalds.com.          3600    IN      TXT     "fcr34w4ydxvjlpfd378b6gy13sp70nl7"
mcdonalds.com. 3600 IN TXT "globalsign-domain-verification=sQ-XKBfUo5JDJd8xvoOg94ZQ0q4WWtarHMUXPLXva-"
mcdonalds.com. 3600 IN TXT "google-site-verification=8P1qbyxjsZuEtxjuD8vE7jaw73fnw7996n0mmon34wQ"
mcdonalds.com. 3600 IN TXT "google-site-verification=dWgCJy1wnoMQHUrevkULexZ6C4F67zRJRyhd2BD_0JM"
mcdonalds.com. 3600 IN TXT "google-site-verification=iBg7YjcBWxqMsH0VIfkAY9LwQ9Q6HNstaznRQmt-JBo"
mcdonalds.com. 3600 IN TXT "i3ercugito3yrnvxyidnkrs3ronr4jyy._domainkey.us.mcdonalds.com i3ercugito3yrnvxyidnkrs3ronr4jyy.dkim.amazonses.com"
mcdonalds.com.          3600    IN      TXT     "m44vwjmxlvh26mg9nf08qshrn8rzy3s3"
mcdonalds.com. 3600 IN TXT "m4gcv5ds4osmwyunlxglow4zhbi2av7n._domainkey.us.mcdonalds.com m4gcv5ds4osmwyunlxglow4zhbi2av7n.dkim.amazonses.com"
mcdonalds.com. 3600 IN TXT "v=spf1 include:spf.mailjet.com include:_spf.q4press.com include:amazonses.com include:_spf.tivian.com ~all"


--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One       Phone: +1 520 324 0494
j...@opus1.com                http://www.opus1.com/jms
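
Added example, not part of the original message: a small offline audit of saved `dig TXT` output that counts leftover verification records, lists the SPF includes that someone has to keep valid, and estimates whether the answer still fits the classic 512-byte UDP limit (no EDNS0). The sample records, the prefix heuristics and the size approximation are assumptions made for this sketch.

```python
import re
from collections import Counter
# Constructed sample in dig answer format; example.org and every token are made up.
SAMPLE = """\
;; ANSWER SECTION:
example.org. 300 IN TXT "v=spf1 include:spf.protection.outlook.com include:_spf.old-esp.example -all"
example.org. 300 IN TXT "google-site-verification=CONSTRUCTED-TOKEN-0001"
example.org. 300 IN TXT "MS=ms00000000"
example.org. 300 IN TXT "facebook-domain-verification=constructedtoken0002"
example.org. 300 IN TXT "constructedopaquetoken0003"
example.org. 300 IN TXT "vendor-note part one " "part two"
"""

RR = re.compile(r'^(\S+)\s+\d+\s+IN\s+TXT\s+(.+)$')
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')
VERIFY = re.compile(r'^(MS=|amazonses:|[\w.-]*verification[\w.-]*[=:.])', re.I)

def parse_txt(dig_text):
    # One (owner, [character-strings]) pair per TXT answer line; other lines are skipped.
    hits = (RR.match(line.strip()) for line in dig_text.splitlines())
    return [(m.group(1), QUOTED.findall(m.group(2))) for m in hits if m]

def classify(strings):
    text = "".join(strings)  # SPF is evaluated on the concatenated strings
    if text.lower().startswith("v=spf1"):
        return "spf"
    if VERIFY.match(text):
        return "verification"
    if re.fullmatch(r"[A-Za-z0-9+/=_-]{16,}", text):
        return "opaque-token"  # unlabeled token: nobody can tell which service it was for
    return "other"

def spf_includes(strings):
    return re.findall(r"(?:^|\s)[+?~-]?include:(\S+)", "".join(strings))

def wire_size(records):
    # Approximation: 12-byte header + question + answers with compressed owner names.
    if not records:
        return 0
    question = len(records[0][0].rstrip(".")) + 2 + 4
    return 12 + question + sum(12 + sum(1 + len(s) for s in strs) for _, strs in records)

def audit(dig_text):
    recs = parse_txt(dig_text)
    size = wire_size(recs)
    return {"kinds": dict(Counter(classify(s) for _, s in recs)),
            "includes": [d for _, s in recs if classify(s) == "spf" for d in spf_includes(s)],
            "bytes": size, "fits_512_udp": size <= 512}

print(audit(SAMPLE))
```

Each name under "includes" is a dependency on a third party's DNS; resolving them periodically is how a renamed ESP domain gets noticed before receivers start rejecting mail.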
