[spfbis] Issue: "Permanent" Temporary errors
Scott Kitterman <spf2@kitterman.com> Fri, 03 February 2012 22:47 UTC
Return-Path: <spf2@kitterman.com>
X-Original-To: spfbis@ietfa.amsl.com
Delivered-To: spfbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1139A21F8620 for <spfbis@ietfa.amsl.com>; Fri, 3 Feb 2012 14:47:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.491
X-Spam-Level:
X-Spam-Status: No, score=-2.491 tagged_above=-999 required=5 tests=[AWL=0.108, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E+EwnecsSW6i for <spfbis@ietfa.amsl.com>; Fri, 3 Feb 2012 14:47:01 -0800 (PST)
Received: from mailout02.controlledmail.com (mailout02.controlledmail.com [72.81.252.18]) by ietfa.amsl.com (Postfix) with ESMTP id 48D5821F861F for <spfbis@ietf.org>; Fri, 3 Feb 2012 14:47:01 -0800 (PST)
Received: from mailout02.controlledmail.com (localhost [127.0.0.1]) by mailout02.controlledmail.com (Postfix) with ESMTP id C529A20E40D0; Fri, 3 Feb 2012 17:47:00 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=2007-00; t=1328309220; bh=16wtXmp1V2EyY08jui3UKlNPL5xwhQFxY/lWqrG3dxo=; h=From:To:Subject:Date:Message-ID:MIME-Version: Content-Transfer-Encoding:Content-Type; b=GK4KVvQF2K/iWaQwGdAZpayKMwDTYanZ+nWPdcte6eugHUI+k/P3S4gB0spszCCGI KanD5ngJB0tM5tcux6f5TlT/AaSUvu8Mnbd2IMZ9V+eVF3T2Fsi9VA1njNqk3ODSOE hdkAX7xV8UrMw2Q8zYSMHQ7E5WrdJHE2HUr3azhU=
Received: from scott-latitude-e6320.localnet (static-72-81-252-21.bltmmd.fios.verizon.net [72.81.252.21]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout02.controlledmail.com (Postfix) with ESMTPSA id A6EF020E4043; Fri, 3 Feb 2012 17:47:00 -0500 (EST)
From: Scott Kitterman <spf2@kitterman.com>
To: spfbis@ietf.org
Date: Fri, 03 Feb 2012 17:47:00 -0500
Message-ID: <7863221.PHTaGIf0LX@scott-latitude-e6320>
User-Agent: KMail/4.7.3 (Linux/3.0.0-15-generic-pae; KDE/4.7.4; i686; ; )
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
X-AV-Checked: ClamAV using ClamSMTP
Subject: [spfbis] Issue: "Permanent" Temporary errors
X-BeenThere: spfbis@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SPFbis discussion list <spfbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spfbis>, <mailto:spfbis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spfbis>
List-Post: <mailto:spfbis@ietf.org>
List-Help: <mailto:spfbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spfbis>, <mailto:spfbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Feb 2012 22:47:02 -0000
TempError is defined in RFC 4408 as: 2.5.6. TempError A "TempError" result means that the SPF client encountered a transient error while performing the check. Checking software can choose to accept or temporarily reject the message. If the message is rejected during the SMTP transaction for this reason, the software SHOULD use an SMTP reply code of 451 and, if supported, the 4.4.3 DSN code. This is further specified in the check_host() definition: 4.4. Record Lookup In accordance with how the records are published (see Section 3.1 above), a DNS query needs to be made for the <domain> name, querying for either RR type TXT, SPF, or both. If both SPF and TXT RRs are looked up, the queries MAY be done in parallel. If all DNS lookups that are made return a server failure (RCODE 2), or other error (RCODE other than 0 or 3), or time out, then check_host() exits immediately with the result "TempError". Particularly when querying for SPF records of type SPF, persistent 2 ServFail results are not rare. It is my impression that ServFail is a condition that generally will require operator intervention to correct. The definition of PermError is (partly): 2.5.7. PermError A "PermError" result means that the domain's published records could not be correctly interpreted. This signals an error condition that requires manual intervention to be resolved, as opposed to the TempError result. I think that RCODE 2 replies should be considered PermError instead of TempError. The operational impact of this is that messages are deferred (4xx) instead of rejected (5xx) so they sit in a deferral queue and are retried for however long the sending MTA is configured to attempt it. The user of the message isn't notified of the non-delivery until it expires out of the queue, generally after several days. In the SPF policy server for Postfix that I maintain, I changed the default action on TempError from defer as a result of this issue. Scott K
- Re: [spfbis] Issue: "Permanent" Temporary errors Stuart D Gathman
- [spfbis] Issue: "Permanent" Temporary errors Scott Kitterman