Hello mailops,
Maybe not as important as other things going on in the world, so please
forgive me and also forgive me for this inquisitive question. I have a
company publishing a few SPF records [following RFC 7208] for a brand. I
noticed a range of IPs and I suggested using CIDR (as described in
RFC 4632) or maybe omitting the /32, because if ip4-cidr-length is omitted,
it is taken to be "/32".
-----------------------------------
The company is publishing (among a plethora of legacy TXT Google
verification records):
"v=spf1 ip4:192.168.1.120/32 ip4:192.168.1.121/32 ip4:192.168.1.122/32
ip4:192.168.1.123/32 ip4:192.168.1.124/32 ip4:192.168.1.125/32
ip4:192.168.1.126/32 ip4:192.168.1.127/32 -all"
I told them that they could publish: "v=spf1 ip4:192.168.1.120/29 -all"
-----------------------------------
My network peer said, wait a second: RFC 4632 refers to the P2P RFC 3021, which
indicates the connection is only for usable IPs. A /29 range declaration
means the last octet, .127, is a broadcast IP and is therefore unusable.
Now, in the email world: would email from that published SPF /29 mean
that I would fail an SPF lookup using .127?
I am sure it's going to depend on what function or library the MTA is
using to check, but is it safe to assume an SPF record with a CIDR range
includes all IPs in that range, usable or not?
--
---------------------------
keith kouzmanoff
mobile 815.281.1591
twitter @emailmp
linkedin https://www.linkedin.com/in/kouzmanoff/
skype keith.kouzmanoff
---------------------------
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
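
The ip4 comparison that RFC 7208 section 5.6 describes (the mechanism matches when the high-order cidr-length bits of the connecting IP equal those of the published network) can be run against both records from the post. This is an added example, not part of the original message and not any particular MTA's library; the function names are hypothetical and the evaluator handles only the `ip4` and `all` mechanisms.

```python
import ipaddress

# The two records quoted in the post (192.168.1.x are the poster's example addresses).
LONG_RECORD = ("v=spf1 ip4:192.168.1.120/32 ip4:192.168.1.121/32 ip4:192.168.1.122/32 "
               "ip4:192.168.1.123/32 ip4:192.168.1.124/32 ip4:192.168.1.125/32 "
               "ip4:192.168.1.126/32 ip4:192.168.1.127/32 -all")
SHORT_RECORD = "v=spf1 ip4:192.168.1.120/29 -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def ip4_matches(term_value, client_ip):
    """Pure bit-prefix comparison: no network or broadcast address is excluded."""
    addr, _, length = term_value.partition("/")
    bits = int(length) if length else 32      # omitted ip4-cidr-length means /32
    if not 0 <= bits <= 32:
        raise ValueError(f"bad ip4-cidr-length: {length!r}")
    shift = 32 - bits
    net = int(ipaddress.IPv4Address(addr))
    ip = int(ipaddress.IPv4Address(client_ip))
    return (net >> shift) == (ip >> shift)

def evaluate(record, client_ip):
    """Evaluate the ip4 and all mechanisms left to right; first match wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"                       # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() == "ip4" and ip4_matches(value, client_ip):
            return QUALIFIERS[qualifier]
    return "neutral"                          # no mechanism matched

def compare(records, hosts):
    """Map each host to its result under every record, in order."""
    return {h: tuple(evaluate(r, h) for r in records) for h in hosts}

if __name__ == "__main__":
    # Constructed test set: the eight listed addresses plus one neighbour on each side.
    hosts = [f"192.168.1.{n}" for n in range(119, 129)]
    for host, results in compare((LONG_RECORD, SHORT_RECORD), hosts).items():
        print(host, *results)
```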