471,330 Members | 1,382 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,330 software developers and data experts.

Dealing with PayPal's messy SPF records

I administer email for a few clients of mine, using Postfix. One of the
policies that is in place is SPF-checking, and rejecting messages
accordingly. This has been working well for months.

However, today a user called me to complain that they weren't able to
get confirmed with PayPal to set up a new account. Turns out, SPF was
rejecting the email from PayPal because of "Too many DNS lookups". This
was somewhat surprising as I had been expecting the problem to be with
my greylisting setup.

I took a look at PayPal's SPF structure and it is indeed a big mess -
lots of includes, and those includes have lots of hosts and mx records,
etc.

I helped the user by temporarily disabling all SPF checking and then
reenabling it after the user got confirmed, but I was wondering if there
is an elegant way to tell postfix to "ignore the going over MAX_LOOKUPS"
for ("paypal.com",). I guess this would involve modifying policyd-spf.py?

I took a look at the source spf.py, and see where these values are
hardcoded, complete with references to the RFC, and I don't want to
modify those hardcoded values. I also don't want to disable SPF as the
final layer of policy checking on my mail server. But, I have to
recognize that companies like PayPal are big players, and I'm probably
not going to get them to budge by complaining, so I should try to
accommodate their messy setups as much as possible, as my users are
nearly always right.

Anyone been down this road before and can offer tips/advice? I did
google for relevant strings, but didn't come up with anything that
appeared to address this specific problem.
--
pkm ~ http://paulmcnett.com
Sep 4 '07 #1
0 895

This discussion thread is closed

Replies have been disabled for this discussion.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.