We have started to receive reports about weird error messages in the ORF logs, like the one below:
Unexpected SPF Test error. EAssertionFailed “Invalid network IP for the CIDR test.
spf\SPFCommon_un.pas, line 145)”.
Though the message seems quite disturbing, the explanation will surely calm your nerves: it simply indicates that the SPF record included an invalid ip4 mechanism with a CIDR network range notation. The range could not be interpreted by the SPF evaluation of ORF, so the SPF test was skipped.
We will fix this in future versions, so ORF will return a more informative message in such cases.
Actually, we have not had reports about this issue in the past (despite the fact that the core SPF evaluation has changed little in the six years since its implementation), but now Microsoft has changed one of their SPF policies and accidentally added an invalid dot-decimal notation (111.221.26.08/29 in the SPF policy of _spf-ssg-c.microsoft.com, which is included in the policies of various Microsoft domains). The trailing .08 part is invalid; it should be simply zero or eight. Unfortunately, this causes all emails from Microsoft domains (or emails spoofing any of these domains) to trigger the above-mentioned error.
They will hopefully fix this soon and the policy will “wear off” in DNS caches as well, so the errors will also go away. In the meantime, you should simply ignore them, though some spoofed emails from Microsoft may leak through due to their faulty SPF record.
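To check a policy for this kind of mistake, the sketch below validates every ip4 term against the SPF grammar, which allows each octet to be 0-255 with no leading zeros, and reports a readable reason instead of failing the whole test. It is an added example, not ORF's code; the function names and the sample record are constructed, and only the 111.221.26.08/29 term comes from the policy quoted above.

```python
import re

# One octet ("qnum" in the SPF grammar): 0-255 in decimal, no leading zeros.
QNUM = r"(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])"
IP4_NETWORK = re.compile(rf"{QNUM}(?:\.{QNUM}){{3}}")


def check_ip4_term(term):
    """Return None if an ip4 term is well-formed, else a readable reason."""
    body = term.lstrip("+-~?")              # drop the optional qualifier
    name, sep, value = body.partition(":")
    if name.lower() != "ip4" or not sep:
        return "not an ip4 mechanism"
    network, slash, length = value.partition("/")
    if not IP4_NETWORK.fullmatch(network):
        return f"invalid dot-decimal network address '{network}'"
    if slash:
        # Prefix length must be plain ASCII digits in the range 0-32.
        if not (length.isascii() and length.isdigit()) or int(length) > 32:
            return f"invalid CIDR prefix length '{length}'"
    return None


def find_bad_ip4_terms(record):
    """List (term, reason) for every malformed ip4 mechanism in a record."""
    problems = []
    for term in record.split()[1:]:         # skip the "v=spf1" version tag
        if term.lstrip("+-~?").lower().startswith("ip4:"):
            reason = check_ip4_term(term)
            if reason:
                problems.append((term, reason))
    return problems


# Constructed sample record; only the 111.221.26.08/29 term is from the post.
SAMPLE = "v=spf1 ip4:192.0.2.0/24 ip4:111.221.26.08/29 ip4:198.51.100.7 ~all"

if __name__ == "__main__":
    for term, reason in find_bad_ip4_terms(SAMPLE):
        print(f"{term}: {reason}")
```

Both corrected forms mentioned above, 111.221.26.0/29 and 111.221.26.8/29, pass this check.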
Update (October 5, 2011): Microsoft have fixed the SPF policy.