-----BEGIN PGP SIGNED MESSAGE-----
I'm just starting to get into this, so partly, I'm trying to check my
It seems like a valid email message must pass 3 spf checks: HELO, MAIL
FROM, mail header From. For valid messages, it seems like this
information will generally (not guaranteed, but generally) be the same
(HELO domain = MAIL FROM domain = mail header From domain). If that is
true, spfd is doing the same 3 DNS queries (ip address, spf record, txt
record) (plus more if it needs to check for mx, ptr, i, etc.) for each
of the 3 checks (HELO, MAIL FROM, header From:). Is there some way for
spfd to cache these results? That would cut the per message DNS queries
by 67% !! A configurable timeout per cache entry would be nice, but
even if the cache was only valid for 1 minute, it would be enough to
cache all the answers for a given message.
Is there a way to (for now until SPF type DNS records are more
prevalent) configure spfd to not look for spf type ( 99 ) DNS records?
This would cut my DNS queries by another 33% per message.
If there is a way to do both, that would cut the number of DNS queries
for simple SPF records from 9 per message to 2 per message.
Is there a way for "pre-fork'ing" and maintaining a few spfd child
processes (like apache does), so as not having to start up new processes
All of this depends on the specific spfd implementation, of which there are
several. However, I don't think that either DNS RR caching or pre-forking
is supported by any of them.
The reason why DNS RR caching isn't usually implemented within spfd or SPF
library implementations (there are exceptions, though) is that your DNS
resolver server already has a cache. DNS traffic still occurs between the
SPF checker and the resolver, but that's usually within the same network
and is thus harmless.
About SPF-RR-type checking, I think the only spfd implementation that
currently does it in the first place is the one shipped with Mail::SPF.
I think I'm going to add an option to Mail::SPF and spfd/spfquery for
choosing what RR types to check. This should serve any such needs.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
-----END PGP SIGNATURE-----
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
please go to http://v2.listbox.com/member/?list_id=735