SPF 2.0 was used to designate a SenderID policy. It was experimental and never saw widespread adoption. On Mon, Jun 7, 2021 at 1:19 PM Jean St-Laurent via NANOG <nanog@nanog.org> wrote:
What is spf2.0/pra ?
Is this new?
Jean
*From:* NANOG <nanog-bounces+jean=ddostest.me@nanog.org> *On Behalf Of *Alec Peterson *Sent:* June 7, 2021 10:35 AM *To:* Brad Barnett <lists@l8r.net> *Cc:* nanog@nanog.org *Subject:* Re: amazon.com multiple SPF records
Hmm, are you sure?
[ec2-user@ip-10-0-0-50 ~]$ dig amazon.com txt +short|grep spf "v=spf1 include:spf1.amazon.com include:spf2.amazon.com include: amazonses.com -all" "spf2.0/pra include:spf1.amazon.com include:spf2.amazon.com include: amazonses.com -all" [ec2-user@ip-10-0-0-50 ~]$
On Mon, Jun 7, 2021 at 7:22 AM Brad Barnett <lists@l8r.net> wrote:
If anyone at Amazon is paying attention, you have duplicate spf1 records for amazon.com:
# dig -t TXT amazon.com | grep spf amazon.com. 281 IN TXT "spf2.0/pra include: spf1.amazon.com include:spf2.amazon.com include:amazonses.com -all" amazon.com. 281 IN TXT "v=spf1 include: amazon.com include:spf1.amazon.com include:spf2.amazon.com include: amazonses.com -all" amazon.com. 281 IN TXT "v=spf1 include: spf1.amazon.com include:spf2.amazon.com include:amazonses.com -all"
It's causing mail deliverability issues, so users cannot reset their password, or even get OTP codes reliably.
(I don't know where else to post, as whois/arin contacts aren't responding, and I can't even imagine trying to go through other methods of support...)
-- Jonathan Leist Senior Systems Engineer