ietf-asrg

Re: [Asrg] Re: Misconceptions about SPF

2006-01-25 10:20:34

On Jan 25, 2006, at 4:44 AM, Frank Ellermann wrote:

Douglas Otis wrote:

A maximum to publish is also the minimum to lookup when needed.

My stupid example shows that you can get the PermError much earlier (after 22 lookups), and without any "mx" or "ptr" the PermError hits after 12 lookups.

At the same time, this SPF example only made accommodations for a small number of machines. Without requiring any CIDR notation, or complex text parsing routines using includes, redirects, and macro expansions, both the EHLO and the MAILFROM could be verified within 1 or perhaps 2 lookups and still permit millions of machines per email-address domain. This would only require an _smtp._client.<EHLO> SRV record at the EHLO. If this domain was not within the MAILFROM, another _csv._client.<MAILFROM-DOMAIN> PTR record could then list permitted EHLO domains. This would seem a simpler solution, and one that would not demand so much of DNS and receiving MTAs. Perhaps conventions for the label used for the EHLO could enable a discovery process, and there is also the CIDR RR to simply list all the outbound addresses. This approach provides fewer states, but that also seems to be a simpler solution.

-Doug


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
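
The two-step check described in the message above, sketched as an added example that is not part of the original post or of any existing implementation: a counting resolver over a constructed in-memory zone makes the 1-or-2 lookup cost visible. The zone contents, the `verify` helper, and the assumption that the SRV answer delivers the client addresses in the same response are illustrative.

```python
import ipaddress

# Constructed zone data: (owner name, type) -> record data.
# Assumption: the SRV answer carries the target's addresses in its additional
# section, so they are stored with the SRV entry and cost no extra query.
ZONE = {
    ("_smtp._client.mta7.example.org", "SRV"): ["192.0.2.25"],
    ("_smtp._client.out3.esp.example", "SRV"): ["198.51.100.7", "198.51.100.8"],
    ("_csv._client.example.org", "PTR"): ["out3.esp.example"],
}

class CountingResolver:
    """Stand-in resolver that counts every query it is asked to make."""
    def __init__(self, zone):
        self.zone = zone
        self.lookups = 0

    def query(self, name, rrtype):
        self.lookups += 1
        return self.zone.get((name.lower().rstrip("."), rrtype), [])

def within(host, domain):
    """True if host equals domain or is a subdomain of it (label-aligned)."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def verify(client_ip, ehlo, mailfrom_domain, zone=ZONE):
    """Return (ehlo_ok, mailfrom_ok, lookups) for one SMTP session."""
    dns = CountingResolver(zone)
    ip = ipaddress.ip_address(client_ip)
    # Lookup 1: does the EHLO name authorize this client address?
    addrs = dns.query(f"_smtp._client.{ehlo}", "SRV")
    ehlo_ok = any(ip == ipaddress.ip_address(a) for a in addrs)
    if not ehlo_ok:
        return False, False, dns.lookups  # unverified EHLO cannot vouch for MAILFROM
    if within(ehlo, mailfrom_domain):
        return True, True, dns.lookups    # EHLO lies inside the MAILFROM domain
    # Lookup 2: does the MAILFROM domain list this EHLO domain as permitted?
    permitted = dns.query(f"_csv._client.{mailfrom_domain}", "PTR")
    name = ehlo.lower().rstrip(".")
    mailfrom_ok = any(name == p.lower().rstrip(".") for p in permitted)
    return True, mailfrom_ok, dns.lookups

if __name__ == "__main__":
    for case in [("192.0.2.25", "mta7.example.org", "example.org"),
                 ("198.51.100.7", "out3.esp.example", "example.org"),
                 ("203.0.113.9", "out3.esp.example", "example.org")]:
        print(case, "->", verify(*case))
```
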