Ok, cool. thanks Tim, that answers where to point the finger now.
Tim do you mind sharing how you tested that? What tool did you use?
Is there a vwu admin on list who would like to comment? Can you fix
your spf record so it doesn't cause more than 10 recursive look ups or
should I just not bother with spf?
On 10/09/2012 1:07 p.m., Tim Price wrote:
> The recursive lookups in that SFP record come to 14 according to my
> vuw.ac.nz IN TXT v=spf1 ip4:220.127.116.11/24
> ip4:18.104.22.168/24 ip4:22.214.171.124/24 ip4:126.96.36.199/22
> ip4:188.8.131.52/21 include:mcs.vuw.ac.nz include:mailprimer.com
> ·include:mailprimer.net.nz (loop?)
> [mailto:firstname.lastname@example.org] *On Behalf Of *Scott Howard
> *Sent:* Monday, September 10, 2012 12:52 PM
> *To:* Don Gould
> *Cc:* nznog
> *Subject:* Re: [nznog] Vic Uni Mail Admin about? SPF rec issue...
> On Sun, Sep 9, 2012 at 5:44 PM, Don Gould <don(a)bowenvale.co.nz
> <mailto:email@example.com>> wrote:
> 2. Should I be doing something to change my config or do others
> feel that the vuw spf record is to wide?
> From http://tools.ietf.org/html/rfc4408#section-10.1 :
> / SPF implementations MUST limit the number of mechanisms and modifiers
> that do DNS lookups to at most 10 per SPF check, including any
> lookups caused by the use of the "include" mechanism or the
> "redirect" modifier. If this number is exceeded during a check, a
> PermError MUST be returned. The "include", "a", "mx", "ptr", and
> "exists" mechanisms as well as the "redirect" modifier do count
> against this limit. The "all", "ip4", and "ip6" mechanisms do not
> require DNS lookups and therefore do not count against this limit.
> The "exp" modifier does not count against this limit because the DNS
> lookup to fetch the explanation string occurs after the SPF record
> has been evaluated.
31 Acheson Ave
Christchurch, New Zealand
Ph: + 64 3 348 7235
Mobile: + 64 21 114 0699