Re: [spfbis] RFC7208 4.6.4 Interpretation - MX Lookup Count Inconsistencies

william@leibzon.org Mon, 23 January 2023 05:39 UTC

Date: Sun, 22 Jan 2023 21:39:41 -0800
From: william@leibzon.org
To: Tim Wicinski <tjw.ietf@gmail.com>
Cc: John Levine <johnl@taugh.com>, spfbis@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/spfbis/IXAeWcKSRDRgnJJpoFoku9_auCI>


Maybe the more relevant question is: would these large companies with 
many MXs use "mx" in their SPF record?

;; ANSWER SECTION:
comcast.net.        7200    IN    TXT    "v=spf1 ip4:96.103.146.48/28 ip4:96.102.19.32/28 ip4:96.102.200.0/28 include:_spfv6.comcast.net include:_spf.mdp.comcast.net ~all"

Efficient, with precise and small IP block space for their mail servers.

;; ANSWER SECTION:
yahoo.com.        1137    IN    TXT    "_globalsign-domain-verification=8DPEanqC-w2Z26VeL5Sn4zBI7cZPCFqrNU5dMKMKeP"
yahoo.com.        1137    IN    TXT    "google-site-verification=xoBvU6aKxP0gYgNL0iXqF0EccAg6nFrO7XxsHnc3iNQ"
yahoo.com.        1137    IN    TXT    "google-site-verification=w4N2bNopAWw1xYrdXKORILxx-WW3_LIiyX6dIMIidgk"
yahoo.com.        1137    IN    TXT    "google-site-verification=Z3-Vh6zqUMgybVH4wQl1GxKSKN7JE13kyCyeZ3TZZ-I"
yahoo.com.        1137    IN    TXT    "v=spf1 redirect=_spf.mail.yahoo.com"
yahoo.com.        1137    IN    TXT    "edb3bff2c0d64622a9b2250438277a59"
yahoo.com.        1137    IN    TXT    "Zoom=13284637"
yahoo.com.        1137    IN    TXT    "facebook-domain-verification=gysqrcd69g0ej34f4jfn0huivkym1p"
yahoo.com.        1137    IN    TXT    "google-site-verification=2b8irRvU5a2h4Mb-H_fdqNrqWjS00qmPfPcWqm8BhxI"

What a horrific example of TXT record pollution, the door to which was 
opened by SPF ....

;; ANSWER SECTION:
_spf.mail.yahoo.com.    1094    IN    TXT    "v=spf1 ptr:yahoo.com ptr:yahoo.net ?all"

On 2023-01-22 19:51, Tim Wicinski wrote:

> I am always happy when I'm proven wrong. Thanks Mr. John.
> 
> tim
> 
> On Sun, Jan 22, 2023 at 10:13 PM John Levine <johnl@taugh.com> wrote:
> 
>> It appears that Tim Wicinski  <tjw.ietf@gmail.com> said:
>>> I also feel that technology stacks have matured over time.  Jan, do you see
>>> real world examples of a domain with 11 MX servers?
>> 
>> Well, there's Comcast:
>> 
>> $ host -t mx comcast.net
>> comcast.net mail is handled by 50 mx1a1.comcast.net.
>> comcast.net mail is handled by 5 mx2.mxge.comcast.net.
>> comcast.net mail is handled by 50 mx2a1.comcast.net.
>> comcast.net mail is handled by 50 mx1c1.comcast.net.
>> comcast.net mail is handled by 5 mx1.mxge.comcast.net.
>> comcast.net mail is handled by 50 mx2c1.comcast.net.
>> comcast.net mail is handled by 50 mx1h1.comcast.net.
>> comcast.net mail is handled by 50 mx2h1.comcast.net.
>> 
>> And there's Yahoo, but its MX is only four lookups:
>> 
>> $ host -t mx yahoo.com
>> yahoo.com mail is handled by 1 mta6.am0.yahoodns.net.
>> yahoo.com mail is handled by 1 mta7.am0.yahoodns.net.
>> yahoo.com mail is handled by 1 mta5.am0.yahoodns.net.
>> 
>> $ host mta5.am0.yahoodns.net.
>> mta5.am0.yahoodns.net has address 67.195.228.109
>> mta5.am0.yahoodns.net has address 98.136.96.76
>> mta5.am0.yahoodns.net has address 67.195.204.72
>> mta5.am0.yahoodns.net has address 67.195.204.79
>> mta5.am0.yahoodns.net has address 67.195.228.111
>> mta5.am0.yahoodns.net has address 98.136.96.77
>> mta5.am0.yahoodns.net has address 67.195.228.110
>> mta5.am0.yahoodns.net has address 98.136.96.91
>> $ host mta6.am0.yahoodns.net.
>> mta6.am0.yahoodns.net has address 67.195.204.74
>> mta6.am0.yahoodns.net has address 98.136.96.76
>> mta6.am0.yahoodns.net has address 67.195.228.110
>> mta6.am0.yahoodns.net has address 67.195.204.79
>> mta6.am0.yahoodns.net has address 67.195.204.77
>> mta6.am0.yahoodns.net has address 67.195.228.111
>> mta6.am0.yahoodns.net has address 67.195.228.94
>> mta6.am0.yahoodns.net has address 98.136.96.77
>> $ host mta7.am0.yahoodns.net.
>> mta7.am0.yahoodns.net has address 67.195.204.79
>> mta7.am0.yahoodns.net has address 67.195.204.77
>> mta7.am0.yahoodns.net has address 98.136.96.91
>> mta7.am0.yahoodns.net has address 67.195.228.111
>> mta7.am0.yahoodns.net has address 67.195.228.106
>> mta7.am0.yahoodns.net has address 67.195.228.94
>> mta7.am0.yahoodns.net has address 67.195.204.72
>> mta7.am0.yahoodns.net has address 98.136.96.77
>> 
>> And Charter:
>> 
>> $ host -t mx charter.com
>> charter.com mail is handled by 10 nce.mail.chartercom.com.
>> charter.com mail is handled by 10 ncw.mail.chartercom.com.
>> 
>> $ host nce.mail.chartercom.com.
>> nce.mail.chartercom.com has address 142.136.234.134
>> nce.mail.chartercom.com has address 142.136.234.135
>> nce.mail.chartercom.com has address 142.136.234.136
>> nce.mail.chartercom.com has address 142.136.234.137
>> nce.mail.chartercom.com has address 142.136.234.138
>> nce.mail.chartercom.com has address 142.136.234.139
>> nce.mail.chartercom.com has address 142.136.234.142
>> nce.mail.chartercom.com has address 142.136.234.143
>> nce.mail.chartercom.com has address 142.136.234.144
>> 
>> $ host ncw.mail.chartercom.com.
>> ncw.mail.chartercom.com has address 142.136.235.134
>> ncw.mail.chartercom.com has address 142.136.235.135
>> ncw.mail.chartercom.com has address 142.136.235.136
>> ncw.mail.chartercom.com has address 142.136.235.137
>> ncw.mail.chartercom.com has address 142.136.235.138
>> ncw.mail.chartercom.com has address 142.136.235.139
>> ncw.mail.chartercom.com has address 142.136.235.142
>> ncw.mail.chartercom.com has address 142.136.235.143
>> ncw.mail.chartercom.com has address 142.136.235.144
>> 
>> I occasionally see spammy looking hosts with a lot
>> of MX'es but if their SPF checks fail, who cares.
>> 
>> R's,
>> John


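
The SPF records quoted in this message, run through a counter for the DNS-querying terms that RFC 7208 section 4.6.4 limits to 10. This is an added example, not part of the original message; `SAMPLE_TXT`, `lookup_terms` and `count_lookups` are names made up here, and the sample zone holds only the three SPF records shown above, so include targets that are not on the page are counted but not followed.

```python
import re

# RFC 7208 section 4.6.4: these mechanisms, plus the "redirect" modifier,
# each cause a DNS query and share one limit of 10 per SPF check.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
LOOKUP_LIMIT = 10

# Constructed sample zone: the three SPF TXT records quoted in the message.
SAMPLE_TXT = {
    "comcast.net": "v=spf1 ip4:96.103.146.48/28 ip4:96.102.19.32/28 "
                   "ip4:96.102.200.0/28 include:_spfv6.comcast.net "
                   "include:_spf.mdp.comcast.net ~all",
    "yahoo.com": "v=spf1 redirect=_spf.mail.yahoo.com",
    "_spf.mail.yahoo.com": "v=spf1 ptr:yahoo.com ptr:yahoo.net ?all",
}

def lookup_terms(record):
    """Return (kind, argument) for each term of one record that causes a DNS query."""
    found = []
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        if term.lower().startswith("redirect="):
            found.append(("redirect", term.split("=", 1)[1]))
            continue
        # optional qualifier, mechanism name, optional ":domain" or "/cidr" part
        m = re.match(r"^[+\-~?]?([a-z0-9]+)(?:[:/](.*))?$", term, re.I)
        if m and m.group(1).lower() in LOOKUP_MECHANISMS:
            found.append((m.group(1).lower(), m.group(2) or ""))
    return found

def count_lookups(domain, zone, total=0):
    """Worst-case count of lookup-causing terms reached from domain.

    Follows include/redirect targets that exist in zone and stops as soon as
    the count passes the limit, where an SPF checker would return permerror.
    """
    for kind, target in lookup_terms(zone.get(domain, "")):
        total += 1
        if total > LOOKUP_LIMIT:
            return total
        if kind in ("include", "redirect"):
            total = count_lookups(target, zone, total)
            if total > LOOKUP_LIMIT:
                return total
    return total

if __name__ == "__main__":
    for name in ("comcast.net", "yahoo.com"):
        kinds = sorted({k for k, _ in lookup_terms(SAMPLE_TXT[name])})
        print(name, count_lookups(name, SAMPLE_TXT), kinds)
```

None of the three records uses the `mx` mechanism, so the number of MX hosts these domains publish does not enter their own SPF evaluation.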