Re: [spfbis] RFC7208 4.6.4 Interpretation - MX Lookup Count Inconsistencies
Jan Schaumann <jschauma@netmeister.org> Mon, 23 January 2023 04:05 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/spfbis/VQ2errf2nt6FHEs22d66RIoCoi0>
Tim Wicinski <tjw.ietf@gmail.com> wrote:

> I also feel that technology stacks have matured over time. Jan, do you see
> real world examples
> of a domain with 11 MX servers?

I just happened to be looking at the MX records for the top 1M domains for other reasons, and counting domains that have > 10 MX records, I find at least 265 domains.

The winning prize goes to the apparently rather aptly named domain 'everymailbox.com', with 398 MX records. Second prize goes to 'preciseify.com' (266 MX records), 3rd to 'rm02.net' (235 MX records). :-)

Those are obviously rare outliers, of course. But I'm actually less concerned about domains with > 10 MX records (since the RFC seems reasonably clear here to immediately fail), and more worried about domains that have close to 10 total lookups, but where counting the lookups resulting from turning MX results into IP addresses would bump them over the limit of 10.

As illustrated by Mark's initial mail (and my own misunderstanding), there are implementations that will lead to such domains' SPF records as being marked invalid when they shouldn't be.

(The last time I looked at SPF records of popular domains[1], I found >8K domains with >10 total lookups.)

-Jan

[1] https://www.netmeister.org/blog/spf.html
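The counting difference described in the message above, as an added example that is not part of the original post or of any SPF implementation: a worst-case (static) lookup counter run over a constructed zone, once counting each DNS-querying term once and once also counting one address lookup per MX host toward the total. Assumptions: the `example.test` names, the `TXT`/`MX` tables and both function names are invented here, macros are not expanded, and the sample records contain no include loops.

```python
import re

LIMIT = 10  # RFC 7208 4.6.4 limit on terms that cause DNS lookups
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}
TERM = re.compile(r"^[+\-~?]?([a-z0-9]+)(?::([^/]+))?(?:/.*)?$", re.I)

# Constructed zone data; every name under example.test is invented for this example.
TXT = {
    "example.test": "v=spf1 mx a include:_spf1.example.test include:_spf2.example.test ~all",
    "_spf1.example.test": "v=spf1 a:web.example.test mx:lists.example.test include:_spf3.example.test ?all",
    "_spf2.example.test": "v=spf1 exists:%{i}.allow.example.test ip4:192.0.2.0/24 ?all",
    "_spf3.example.test": "v=spf1 a:out.example.test ip6:2001:db8::/32 ?all",
    "many.example.test": "v=spf1 mx -all",
}
MX = {
    "example.test": ["mx1.example.test", "mx2.example.test"],
    "lists.example.test": ["mx1.lists.example.test"],
    "many.example.test": [f"mx{i}.many.example.test" for i in range(11)],
}

def count_lookups(domain, mx_addresses_count=False):
    """Worst-case number of lookups charged against LIMIT for domain's record."""
    total = 0
    for term in TXT[domain].split()[1:]:  # skip "v=spf1"
        if term.lower().startswith("redirect="):
            total += 1 + count_lookups(term.split("=", 1)[1], mx_addresses_count)
            continue
        m = TERM.match(term)
        if not m or m.group(1).lower() not in LOOKUP_MECHS:
            continue  # ip4, ip6, all and other modifiers cause no lookup
        name, target = m.group(1).lower(), m.group(2) or domain
        total += 1
        if name == "include":
            total += count_lookups(target, mx_addresses_count)
        elif name == "mx":
            hosts = MX.get(target, [])
            if len(hosts) > LIMIT:  # more than 10 MX records fails on its own
                raise ValueError(f"permerror: {target} has {len(hosts)} MX records")
            if mx_addresses_count:  # the over-counting behaviour from the message
                total += len(hosts)
    return total

def verdict(domain, mx_addresses_count=False):
    try:
        n = count_lookups(domain, mx_addresses_count)
    except ValueError:
        return "permerror"
    return "permerror" if n > LIMIT else "ok"
```

Here `example.test` uses 9 of its 10 lookups and evaluates as "ok", but the same record becomes "permerror" once the three MX host address lookups are charged against the total; `many.example.test` fails either way because of its 11 MX records.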