runcmd

SPF and SenderID with no DNS Entry


Two questions, please...


If SPF and Sender ID are enabled in the spam settings of a MEG mail rule, how does the MEG handle messages from a domain where there is no SPF and/or Sender ID TXT record in DNS for that particular domain (not participating)?  When it's not configured, is that considered passing the check or failing the check?  Or is it simply ignored?


I sometimes see in the logs where SPF and/or Sender ID fail with "Mechanisms used too many DNS lookups".  I'm assuming this is occurring when the TXT record has "include" statements that continue to branch out.  How many "nested" DNS lookups for SPF and/or Sender ID occur until it is "too many"?  It looks like the general recommendation across the web is to have no more than 10 but I wondered how many the MEG actually does before giving up.


Thank you!

1 Solution

Accepted Solutions

Re: SPF and SenderID with no DNS Entry


If there is no SPF record, we do not penalize by default.  You can configure it to penalize for that if you want, but it would cause a lot of problems.  I can't remember the RFC number (I can look if you really need me to), but the RFC states a max of 10 DNS queries in an SPF check before it is considered a DoS attack.  MEG abides by this RFC.

--jake
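
The two behaviours discussed in this thread, as an added example that is not part of the original posts and not MEG's own code: a domain with no SPF record yields `none`, and a record whose `include` chain needs more than 10 DNS-querying terms yields `permerror` (the limit is defined in RFC 7208, section 4.6.4). The zone data and function names are constructed for illustration, and the count is worst case, since a real evaluator stops at the first matching mechanism.

```python
import re

LIMIT = 10  # RFC 7208 section 4.6.4: DNS-querying terms allowed per SPF check
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
TERM = re.compile(r"[+\-~?]?([a-z][a-z0-9_.-]*)(?:[:=]([^/\s]+))?", re.I)

# Constructed sample data (domain -> SPF TXT record); not real DNS records.
ZONE = {
    "ok.example": "v=spf1 ip4:192.0.2.0/24 mx include:_spf.ok.example -all",
    "_spf.ok.example": "v=spf1 a:mail.ok.example ip6:2001:db8::/32 ~all",
    "deep.example": "v=spf1 include:a.deep.example include:b.deep.example -all",
    "a.deep.example": "v=spf1 a mx include:c.deep.example exists:%{i}.bl.example ~all",
    "b.deep.example": "v=spf1 mx a:x.deep.example a:y.deep.example ~all",
    "c.deep.example": "v=spf1 a mx ptr ~all",
}

def count_lookups(domain, zone, count=0):
    """Worst-case count of DNS-querying terms reachable from domain's record."""
    for term in zone.get(domain, "").split()[1:]:
        m = TERM.match(term)
        name = m.group(1).lower() if m else ""
        if name not in LOOKUP_TERMS:
            continue  # ip4, ip6, all and other modifiers need no DNS query
        count += 1
        if count <= LIMIT and name in ("include", "redirect") and m.group(2):
            count = count_lookups(m.group(2), zone, count)  # nested record
        if count > LIMIT:
            break  # a receiver stops evaluating here and returns permerror
    return count

def check(domain, zone=ZONE):
    """Return (result, lookups): 'none', 'within_limit' or 'permerror'."""
    if not zone.get(domain, "").lower().startswith("v=spf1"):
        return ("none", 0)  # no SPF record published: neither pass nor fail
    n = count_lookups(domain, zone)
    return ("permerror" if n > LIMIT else "within_limit", n)

if __name__ == "__main__":
    for d in ("ok.example", "deep.example", "nospf.example"):
        print(d, check(d))
```

`within_limit` only means the lookup budget is respected; it says nothing about whether a given sending IP would pass.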

3 Replies


runcmd

Re: SPF and SenderID with no DNS Entry


That's exactly what I need to know.  Thank you!

Re: SPF and SenderID with no DNS Entry


I am seeing a lot of error messages related to SPF on my McAfee Email Gateway. Can anyone help me in this regard?

SPF_TEMPERROR

temperror (DNS lookup failure )

Emails from other domains are not getting delivered for almost 24 hours.
