RFC 7208, "Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1", April 2014
Source of RFC: spfbis (app)
Errata ID: 6432
Publication Format(s): TEXT
Reported By: Kaspar Etter
Date Reported: 2021-02-17
Rejected by: Barry Leiba
Date Rejected: 2021-02-17
Section 4.4 says:
In accordance with how the records are published (see Section 3 above), a DNS query needs to be made for the <domain> name, querying for type TXT only.
It should say:
Request for clarification: Are CNAME indirections allowed or, in other words, do they have to be followed during record lookup? If yes, do they count towards the DNS lookup limits as defined in section 4.6.4? If yes, the following sentence has to be adapted as well: "SPF implementations MUST limit the total number of those terms to 10 during SPF evaluation, to avoid unreasonable load on the DNS." If the answer to the first question is no, then this should be made clear in section 4.4.
Please note that whether using CNAMEs is a good or bad idea is irrelevant to my question. I also know that you can't add a CNAME record to an apex domain but SPF is not limited to such domains. I assume the answer/consensus will be the same for the initial, `a`, `include`, `exists` and `redirect` lookups. If not, this should also be clarified, of course.
Errata reports are not the place to ask questions. An appropriate mailing list on which to discuss SPF is the <ietf-smtp> list.