[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Radu
Sent: Friday, March 18, 2005 4:28 PM
Subject: Re: [spf-discuss] Draft amendments on DNS lookup limits
Radu Hociung wrote:
Scott Kitterman wrote:
I'll be the first to object. Go look at my record and tell me how to
it less expensive? BTW, the ip4: mechanisms are a best guess for
I'd be interested to see if you can figure a way to do mine in 10
less. My DSL provider's record takes 10 by itself, and so once
that one, I'm already at 11.
First, can we agree that SPF was not invented to resolve an individual's
spam problem? I think that those with complicated setups should find
solutions. Otherwise, there will always be someone with a more
complicated problem than the specification allows, and we'll never find
a solution that makes everyone happy.
Second, the answer to your question follows. There may be bugs in
spfcompile, and they will manifest themselves below. It is work
in progress, but I do think it shows promise.
[root(_at_)sun src]# spfcompile -sender scott(_at_)kitterman(_dot_)com
Compiled record (19 mechs, len 397, cost 2 queries):
v=spf1 ip4:220.127.116.11/24 ip4:18.104.22.168/24 ip4:22.214.171.124
?ip4:126.96.36.199/24 ?ip4:188.8.131.52/24 ?ip4:184.108.40.206
?ip4:220.127.116.11/31 ?ip4:18.104.22.168 ?ip4:22.214.171.124
ip4:126.96.36.199/31 ip4:188.8.131.52/31 ip4:184.108.40.206
ip4:220.127.116.11/31 ip4:18.104.22.168 ip4:22.214.171.124
Due to the fact that I used -flatten, you'll need to run a cron job to
refresh it, just in case one of your providers changes their mail
server config (which typically is very infrequently).
Without -flatten, this is a possible record:
[root(_at_)sun src]# spfcompile -sender s(_at_)kitterman(_dot_)com
Compiled record (12 mechs, len 221, cost 11 queries):
v=spf1 include:webmail.pair.com ip4:126.96.36.199
ip4:188.8.131.52/24 ?ip4:184.108.40.206/24 a:relay.pair.com
?ip4:220.127.116.11 include:megapathdsl.net ?a:voot.pair.com
By the way, if you don't know the complete list of Comcast outgoing
servers, your record should end with a softfail ~all, not a hardfail.
You mentioned you care about the reliability of your email. So you
should think about your record more carefully.
Actually, I'm pretty confident that I've got them all covered based on
analysis of several hundred messages sent by myself and others (such as Guy)
on this list. I view the risk of a message being rejected because I missed
something on the Comcast record as something along the lines of the risk I
take with having a forwarded message rejected due to forwarding.
I'll get the reject and I'll send it another way. I think I've thought
about my record a lot more carefully than you have.
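
An added illustration of the lookup counting argued over in this thread (not code from either poster, and not spfcompile or its "cost" metric). It assumes the counting rule later published in RFC 7208 section 4.6.4, where include, a, mx, ptr, exists and redirect each cost one query with a limit of 10; the domains and records in ZONE are constructed, not real published records.

```python
import re

# Terms that trigger a DNS query during evaluation (assumed rule: RFC 7208 4.6.4).
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}
LIMIT = 10

# Constructed zone data: domain -> SPF TXT record. Not real records.
ZONE = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 a:relay.example "
                      "include:dsl.example -all",
    "dsl.example": "v=spf1 include:a.dsl.example include:b.dsl.example "
                   "mx a ptr ~all",
    "a.dsl.example": "v=spf1 a:out1.dsl.example a:out2.dsl.example mx -all",
    "b.dsl.example": "v=spf1 a:out3.dsl.example mx -all",
    # What a flattened record looks like: only ip4 terms, so no lookups.
    "flat.example": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 "
                    "?ip4:203.0.113.9 -all",
}


def parse_term(term):
    """Split one SPF term into (name, argument); the qualifier is dropped."""
    m = re.match(r"^[+\-~?]?([a-z0-9]+)(?:[:=]([^/]*))?", term.lower())
    return (m.group(1), m.group(2)) if m else (None, None)


def count_lookups(domain, zone=ZONE, stack=()):
    """Worst-case count of DNS-querying terms reachable from domain's record."""
    if domain in stack:
        raise ValueError("include loop at " + domain)
    total = 0
    for term in zone[domain].split()[1:]:          # skip the v=spf1 tag
        name, arg = parse_term(term)
        if name in LOOKUP_MECHS or name == "redirect":
            total += 1                             # the term itself costs one
        if name in ("include", "redirect") and arg in zone:
            # Terms inside the referenced record count against the same budget.
            total += count_lookups(arg, zone, stack + (domain,))
    return total


def over_limit(domain, zone=ZONE):
    """True when the worst-case count exceeds the limit of 10."""
    return count_lookups(domain, zone) > LIMIT


if __name__ == "__main__":
    for name in ("dsl.example", "sender.example", "flat.example"):
        print(name, count_lookups(name), "OVER" if over_limit(name) else "ok")
```

The count is a worst case: a real evaluation stops at the first matching mechanism, so a given message may use fewer queries than the total shown.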