Bug#991013: spf-tools-perl: SPFv2 is not preferred over SPFv1
Evgeniy Berdnikov
bd4 at protva.ru
Mon Jul 12 20:59:32 BST 2021
Package: spf-tools-perl
Version: 2.9.0-5
Severity: normal
Dear Maintainer,
if sender's domain has two SPF records, one v1 and other v2, then
spf-tools-perl choses one of this records for check, namely, that one
that is listed *first* in DNS reply. This behaviour violates RFC 4406,
section 4.4, "Record Selection":
4. If the lookup returned two records, one containing the "v=spf1"
version identifier and the other containing the "spf2" version
identifier, the "spf2" version takes precedence for the desired
scope-id. If the "spf2" record does not contain the desired
scope-id, then the "v=spf1" record is selected.
With "-v 1 " or "-v 2" command line options spf-tools-perl behaves right.
Moreover, SPFv2 did not pass from draft to standard, and is considered
nowadays as dead technology. So it seems reasonable to chande default
operation of spf-tools-perl to check SPFv1 only.
-- System Information:
Debian Release: 11.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 5.8.0-1-amd64 (SMP w/2 CPU threads)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)
Versions of packages spf-tools-perl depends on:
ii libmail-spf-perl 2.9.0-5
ii perl 5.32.1-4
spf-tools-perl recommends no packages.
spf-tools-perl suggests no packages.
-- no debconf information
More information about the pkg-perl-maintainers
mailing list