Cpanel SPF Generator - Input Validation?

n8whnp

Member
Sep 2, 2007
13
0
51
Does the cpanel SPF generator preform any kind of input validation? I am seeing instances where infinite recursion loops are being preformed in a spf record:

i.e.

domain1.com. 14400 IN TXT "v=spf1 a mx include:domain2.com ~all"

and

domain2.com. 14400 IN TXT "v=spf1 a mx include:domain1.com ~all"

This causes you to hit the 10 check_host() limit as described in RFC 4408 (Section 10.1.) which means you allow customers to create records which will get their mail flagged as spam for failing to have working SPF records.

If you want to make this happen, just put multiple domains in the include list from the same cpanel account and select: Overwrite Existing Entries.
 

Owen.formerlyof

Registered
Oct 8, 2009
1
0
51
I have a couple of questions that could help me track this issue down.

1) How did the ~ flag get set on all?
2) Is one or more of these domains an addon domain?
3) Are the entries in the same zone on different zones?