On Wed, May 6, 2015 10:11, Scott Kitterman wrote:
> On Wednesday, May 06, 2015 09:58:57 AM James B. Byrne wrote:
>>
>> Amazon has screwed up their spf records. A DNS host can have only
>> ONE spf TXT RR and that must not contain or recursively resolve to
>> more than TEN tags.
>
> No. That's not it. One of those is a v=spf1 SPF record and the other
> is a spf2.0 Sender ID record.
>
> Much more likely the issue is the use of EDNS0. In the part of the
> dig output you didn't include, you probably got:
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
>
> and
>
> ;; MSG SIZE rcvd: 611

Actually, no. I got this:

;; ANSWER SECTION:
spf1.amazon.com. 900 IN TXT "spf2.0/pra ip4:207.171.160.0/19
ip4:87.238.80.0/21 ip4:72.21.192.0/19 ip4:194.154.193.192/27
ip4:194.7.41.152/28 ip4:212.123.28.40/32 ip4:203.81.17.0/24
ip4:72.21.212.0/25 ip4:178.236.10.128/26 -all"
spf1.amazon.com. 900 IN TXT "v=spf1 ip4:207.171.160.0/19
ip4:87.238.80.0/21 ip4:72.21.192.0/19 ip4:194.154.193.192/27
ip4:194.7.41.152/28 ip4:212.123.28.40/32 ip4:203.81.17.0/24
ip4:72.21.212.0/25 ip4:178.236.10.128/26 -all"
;; AUTHORITY SECTION:
amazon.com. 2751 IN NS ns3.p31.dynect.net.
amazon.com. 2751 IN NS ns1.p31.dynect.net.
amazon.com. 2751 IN NS ns4.p31.dynect.net.
amazon.com. 2751 IN NS ns2.p31.dynect.net.
amazon.com. 2751 IN NS pdns6.ultradns.co.uk.
amazon.com. 2751 IN NS pdns1.ultradns.net.
;; Query time: 1 msec
;; SERVER: 216.185.71.33#53(216.185.71.33)
;; WHEN: Wed May 6 09:54:00 2015
;; MSG SIZE rcvd: 600

And thanks for the correction. I had never run into MS's Sender ID in
the wild before and had no recollection of its existence until you
reminded me. One more thing to look for.
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
James B. Byrne mailto:[email protected]
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
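
Added example, not part of the original thread: a short Python check that separates `v=spf1` records from `spf2.0` Sender ID records in a TXT answer, flags more than one `v=spf1` record, and counts the terms that cost a DNS lookup (RFC 7208 limits these to 10). The function names are illustrative, the input is the two TXT strings from the dig answer above with the line wrapping removed, and the count covers a single record without following `include` or `redirect`.

```python
import re

# Mechanisms/modifiers that cost a DNS lookup under RFC 7208 section 4.6.4.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")
SENDER_ID = re.compile(r"^spf2\.0/(mfrom|pra)(,(mfrom|pra))*( |$)", re.I)

def classify(txt):
    """Return 'spf1', 'senderid' or 'other' for one TXT string."""
    low = txt.lower()
    if low == "v=spf1" or low.startswith("v=spf1 "):
        return "spf1"
    if SENDER_ID.match(txt):
        return "senderid"
    return "other"

def count_lookups(record):
    """Count terms in one record that trigger DNS queries (not recursive)."""
    n = 0
    for term in record.split()[1:]:
        # Drop the qualifier, then cut at the first ':', '/' or '='.
        name = re.split(r"[:/=]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        if name in LOOKUP_TERMS:
            n += 1
    return n

def audit(txt_records):
    """Summarise the TXT RRset published at one name."""
    kinds = [classify(t) for t in txt_records]
    spf1 = [t for t, k in zip(txt_records, kinds) if k == "spf1"]
    return {
        "spf1_records": len(spf1),
        "senderid_records": kinds.count("senderid"),
        # More than one v=spf1 record is a permerror (RFC 7208 section 4.5).
        "permerror_multiple": len(spf1) > 1,
        "lookups": count_lookups(spf1[0]) if len(spf1) == 1 else None,
    }

# The two TXT strings from the dig answer above, unwrapped.
NETS = ("ip4:207.171.160.0/19 ip4:87.238.80.0/21 ip4:72.21.192.0/19 "
        "ip4:194.154.193.192/27 ip4:194.7.41.152/28 ip4:212.123.28.40/32 "
        "ip4:203.81.17.0/24 ip4:72.21.212.0/25 ip4:178.236.10.128/26 -all")
ANSWER = ["spf2.0/pra " + NETS, "v=spf1 " + NETS]

if __name__ == "__main__":
    print(audit(ANSWER))
```

For this answer the audit reports one `v=spf1` record, one Sender ID record, and zero lookup-costing terms, since `ip4` and `all` need no DNS queries.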