[Bug 7112] SPF failures not caught for deeply nested records

[bu...@bugzilla.spamassassin.org]

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7112

--- Comment #6 from Joe Quinn <jq...@pccc.com> ---
I have committed additional return status checking for SPF queries, and added
test rules for permerror and temperror/error.

There are two backends supported for performing the SPF queries, and they
handle errors differently. I was able to test the Mail::SPF backend against an
eBay forgery and correctly get T_SPF_TEMPERROR, but had to rely on
documentation for Mail::SPF::Query. I would also have liked to add unit testing
for it, but that requires someone to set up broken SPF records.

I think this should be enough of a framework for server operators to make more
informed decisions when a domain has this type of DNS issue.

Does anyone have an opinion on what sort of score this rule should be given? I
am inclined to give it 0.001 to line up with some of the other SPF rules, but I
can also argue scoring it higher for its indication of technical issues and
potential to bypass user rules that test SPF_NONE.

Committed revision 1656028.

-- 
You are receiving this mail because:
You are the assignee for the bug.