[Date Prev][Date Next][Thread Prev][Thread Next] - [Date Index][Thread Index][Author Index]

Re: Online Satellite Pass Predictions

At 9:36 PM -0600 5/22/06, Nate Duehr wrote:
>The amsat.org domain/zone file has an inappropriate DNS TXT SPF 
>record set for the zone amsat.org.

I am sorry to argue with you in public (and off-topic for AMSAT-BB), 
but you are incorrect.

>amsat.org.              604800  IN      TXT     "v=spf1 a mx 
>a:slowpoke.ucsd.edu ~all"

This says "You should expect to receive email from amsat.org itself 
(that's the "a") or from any host that is authorized to receive email 
for amsat.org (that's the "mx") or from slowpoke.ucsd.edu, but you 
shouldn't be too surprised if email also comes from anywhere else 
(that's the "~all")."

The tilde ("~") designates a result of "SoftFail". Quoting RFC 4408, 
http://www.ietf.org/rfc/rfc4408.txt, "Receiving software SHOULD NOT 
reject the message based solely on this result, but MAY subject the 
message to closer scrutiny than normal."

That's entirely appropriate. AMSAT can't vouch for email coming from 
other hosts.

>This is a broken and completely incorrect use of SPF records for a 
>domain that is used as a mail catch-all/reflector service.

No, it's not, for two reasons.

One, if email gets discarded by receiving hosts based solely on the 
SPF record, that's an error in the configuration of the receiving 
host, not on amsat.org.

Two, the callsign@amsat.org mail alias system is really intended 
primarily for INCOMING mail. We have never encouraged anyone to 
configure their email program to forge mail to appear to come "from" 
the amsat.org address. See the Mail Alias FAQ, 
http://www.amsat.org/amsat-new/tools/maillist/aliasFAQ.php#3.3 . 
Setting up your email program that way was a questionable idea even 
before SPF was invented.

>  I'd start with trying to contact the DNS admin.

Please refer any complaints to me, not to Brian. 
mail-alias-service@amsat.org is a good address to use for that.

>... all my mail servers (and hundreds of others) will continue to 
>ignore mail delivered from "anyone@amsat.org" that wasn't originated 
>from the slowpoke.ucsd.edu machine.

If that's what your server does, you need to re-read the SPF 
specification and then rewrite and/or re-configure the software 
you're using to implement SPF filtering.

>  but if you try to send mail with your From: header set to 
>"yourcall@amsat.org", don't be too surprised if people don't get 
>your replies.

This isn't bad advice, actually. Now and then a receiving host will 
decide, for one reason or another, to reject email from amsat.org. 
Usually we can get that cleared up fairly quickly, but if you don't 
try to use amsat.org as a pseudo-sending address, you won't lose mail 
in the meantime.

73  -Paul
Sent via amsat-bb@amsat.org. Opinions expressed are those of the author.
Not an AMSAT member? Join now to support the amateur satellite program!
To unsubscribe, send "unsubscribe amsat-bb" to Majordomo@amsat.org