Is there stuff just not setup properly? No wonder since they turned on spf I haven't been getting my ebay stuff!

10/24/04 11:00:20:812 -- (2728) Connection from: 66.135.197.24  -  Originating country : United States
10/24/04 11:00:21:531 -- (2728) Resolving 66.135.197.24 - mxpool18.ebay.com
10/24/04 11:00:21:609 -- ebay.ca is a domain, searching for SPF record
10/24/04 11:00:21:734 -- (2728) - SPF record for ebay.ca found. analyzing: - v=spf1 mx include:c._spf.ebay.com include:s._spf.ebay.com include:m._spf.ebay.com include:p._spf.ebay.com ~all
10/24/04 11:00:22:703 -- ebay.com is a domain, searching for SPF record
10/24/04 11:00:22:844 -- (2728) - SPF record for ebay.com found. analyzing: - v=spf1 mx include:c._spf.ebay.com include:s._spf.ebay.com include:m._spf.ebay.com include:p._spf.ebay.com ~all
10/24/04 11:00:23:359 -- ebay.com is a domain, searching for SPF record
10/24/04 11:00:23:359 -- (2728) - SPF record for ebay.com found. analyzing: - v=spf1 mx include:c._spf.ebay.com include:s._spf.ebay.com include:m._spf.ebay.com include:p._spf.ebay.com ~all
10/24/04 11:00:23:750 -- ebay.com is a domain, searching for SPF record
10/24/04 11:00:23:750 -- (2728) - SPF record for ebay.com found. analyzing: - v=spf1 mx include:c._spf.ebay.com include:s._spf.ebay.com include:m._spf.ebay.com include:p._spf.ebay.com ~all
10/24/04 11:00:24:140 -- ebay.com is a domain, searching for SPF record
10/24/04 11:00:24:140 -- (2728) - SPF record for ebay.com found. analyzing: - v=spf1 mx include:c._spf.ebay.com include:s._spf.ebay.com include:m._spf.ebay.com include:p._spf.ebay.com ~all
10/24/04 11:00:24:531 -- ebay.com is a domain, searching for SPF record
10/24/04 11:00:24:531 -- (2728) - SPF record for ebay.com found. analyzing: - v=spf1 mx include:c._spf.ebay.com include:s._spf.ebay.com include:m._spf.ebay.com include:p._spf.ebay.com ~all
10/24/04 11:00:24:922 -- ebay.com is a domain, searching for SPF record
10/24/04 11:00:24:922 -- (2728) - SPF record for ebay.com found. analyzing: - v=spf1 mx include:c._spf.ebay.com include:s._spf.ebay.com include:m._spf.ebay.com include:p._spf.ebay.com ~all
10/24/04 11:00:25:297 -- ebay.com is a domain, searching for SPF record
10/24/04 11:00:25:312 -- (2728) - SPF record for ebay.com found. analyzing: - v=spf1 mx include:c._spf.ebay.com include:s._spf.ebay.com include:m._spf.ebay.com include:p._spf.ebay.com ~all
10/24/04 11:00:25:687 -- ebay.com is a domain, searching for SPF record
10/24/04 11:00:25:703 -- (2728) - SPF record for ebay.com found. analyzing: - v=spf1 mx include:c._spf.ebay.com include:s._spf.ebay.com include:m._spf.ebay.com include:p._spf.ebay.com ~all
10/24/04 11:00:26:078 -- ebay.com is a domain, searching for SPF record
10/24/04 11:00:26:078 -- (2728) - SPF record for ebay.com found. analyzing: - v=spf1 mx include:c._spf.ebay.com include:s._spf.ebay.com include:m._spf.ebay.com include:p._spf.ebay.com ~all
10/24/04 11:00:26:078 -- (2728) - SPF analysis for ebay.com done: - softfail
10/24/04 11:00:26:078 -- (2728) - SPF analysis for ebay.com done: - softfail
10/24/04 11:00:26:078 -- (2728) - SPF analysis for ebay.com done: - softfail
10/24/04 11:00:26:078 -- (2728) - SPF analysis for ebay.com done: - softfail
10/24/04 11:00:26:078 -- (2728) - SPF analysis for ebay.com done: - softfail
10/24/04 11:00:26:078 -- (2728) - SPF analysis for ebay.com done: - softfail
10/24/04 11:00:26:078 -- (2728) - SPF analysis for ebay.com done: - softfail
10/24/04 11:00:26:078 -- (2728) - SPF analysis for ebay.com done: - softfail
10/24/04 11:00:26:078 -- (2728) - SPF analysis for ebay.com done: - softfail
10/24/04 11:00:26:078 -- (2728) - SPF analysis for ebay.ca done: - softfail
10/24/04 11:00:26:078 -- (2728) failed SPF test (softfail) - Disconnecting 66.135.197.24
10/24/04 11:00:26:078 -- (2728) 66.135.197.24 - Mail from: mailto:bidconfirm@ebay.ca" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - bidconfirm@ebay.ca To: mailto:kevin@pare.ca" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - kevin@pare.ca will be rejected
10/24/04 11:00:27:031 -- (2728) EMail from mailto:bidconfirm@ebay.ca" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - bidconfirm@ebay.ca to mailto:kevin@pare.ca" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - kevin@pare.ca was received and quarantined. Size: 17 KB, 17408 bytes
10/24/04 11:00:27:078 -- (2544) Time to add Msg to Bayes corpus:0
10/24/04 11:00:27:203 -- (2728) Disconnect

Kevin,

EBay is running into the same problem another user reported http://www.logsat.com/spamfilter/forums/showmessage.asp?messageID=4460" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - here ( http://www.logsat.com/spamfilter/forums/showmessage.asp?messageID=4460" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://www.logsat.com/spamfilter/forums/showmessage.asp?messageID=4460" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://www.logsat.com/spamfilter/forums/showmessage.asp?messageID=4460 ).

ebay.ca SPF record contains include directives which tell the SPF filter to retrieve further information from ebay's subdomains:

"v=spf1 mx include:m._spf.ebay.com include:s._spf.ebay.com include:c._spf.ebay.com include:p._spf.ebay.com ~all"

The problem is that the subdomains specified are not really domains:

m._spf.ebay.com
s._spf.ebay.com
c._spf.ebay.com
p._spf.ebay.com

but just entries under the _spf.ebay.com domain.

The RFC states that SPF records are to be retrieved from a "DOMAIN", not a host record. All the 4 entries above are *not* domains, so even though they have an SPF record, it's not supposed to be queried. This means that ebay.ca and ebay.com have an invalid spf confguration.

However I checked the domain using the tolls that http://spf.pobox.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://spf.pobox.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://spf.pobox.com provides, and they do say that the domain complies (against their own rules...)

We've been seing more and more domains that, while incorrectly configured, are marked as "good" by SPF checkers. We'll be doing research to see how we should proceed.

Roberto F.
LogSat Software

We are not using the same tools. I can see that ebay.com has TXT/spf-records but can not find any TXT-records at all for _spf.ebay.com.

And i can also see that the "maybe-domains" do have TXT/spf-records.

Yes, it looks like the same problem I have with skutan.smf.se.

Sorry! I did not test before my last comment.

I have now put in a record for notinuse.smf.se. (A TXT-record in smf.se.)

notinuse                TXT v=spf1 ip4:193.15.18.0/24 -all
(same as parent folder) TXT v=spf1 ip4:193.15.18.0/24 -all

The TXT-record for "notinuse" is NOT showing up as a TXT-record in the domain smf.se when asking from "outside". I have to ask for TXT-record in the "domain" notinuse.smf.se to se that record.

... notinuse.smf.se is not at domain.  :)

You wrote:
However I checked the domain using the tolls that http://spf.pobox.com/" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://spf.pobox.com/" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://spf.pobox.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://spf.pobox.com provides, and they do say that the domain complies (against their own rules...)

We've been seing more and more domains that, while incorrectly configured, are marked as "good" by SPF checkers. We'll be doing research to see how we should proceed.

Here you can find a test tool from Microsoft:
http://www.anti-spamtools.org/SenderIDEmailPolicyTool/Default.aspx" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://www.anti-spamtools.org/SenderIDEmailPolicyTool/Default.aspx" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://www.anti-spamtools.org/SenderIDEmailPolicyTool/Default.aspx

Microsoft do not have to be right - they are big.  :-)