[clear] Plan of Action for CSV?

2005-06-20 13:01:42
At 08:51 PM 6/20/2005 +0000, John Levine wrote:

The address 'imladris.demon.co.uk' in particular couldn't be listed with
the others -- that ISP may change that address if/when the connection to
it switches from dialup to DSL, and I wouldn't want the duplication.

  I understand not wishing to duplicate this; but it seems to me you're
taking a far greater risk by trusting an external organization to
determine the basis for _your_ reputation. It doesn't strike me as a
good practice to do this.

Demon is a quaint English ISP that provides static IP addresses to its
dialup customers, so it's quite reasonable to use the address they
provide.

BUT we have to draw the line somewhere in regard to encoding complexities
of people's configurations into CSV data.  I understand that life can be
complicated, but that way lies the madness that is SPF.

Agree 100%

My suggestion is that a domain can have one (1) CSV record that can
point to a single name that can have as many A and AAAA records as
needed, and there we draw the line.  If your life is more complex than
that, it's your problem to collect the data and update your record.

I think CSV should avoid the madness of redirects, includes, macros, and 
all the other stuff that is making SPF vulnerable, but still take advantage 
of its capacity to authorize the servers for an entire domain in one 
easily-maintained record.

Here is the record for a really huge domain, rr.com.
"v=spf1
ip4:24.30.203.0/24 ip4:24.28.200.0/24 ip4:24.28.204.0/24 ip4:24.30.218.0/24
ip4:24.93.47.0/24  ip4:24.25.9.0/24   ip4:65.24.5.0/24   ip4:24.94.166.0/24
ip4:24.29.109.0/24 ip4:66.75.162.0/24 ip4:24.24.2.0/24   ip4:65.32.5.0/24 
+mx ~all"

As you can see, they have isolated the outgoing mail servers for their 
entire, widely-distributed domain into twelve blocks.  These blocks do not 
include the dynamic IP space they allocate to customers.  If you get a mail 
from rr.com, you can be quite confident it is not from a zombie.

Aside from convenience, which will be a major factor for domains like 
rr.com, there is the question of DNS efficiency.  Put this one record in 
your cache, and you won't have to make another query to rr.com for 24 
hours.  That could cut DNS traffic by a factor of several thousand.

--
Dave
************************************************************     *
* David MacQuigg, PhD     email: david_macquigg at yahoo.com     *  *
* IC Design Engineer            phone:  USA 520-721-4583      *  *  *
* Analog Design Methodologies                                 *  *  *
*                                 9320 East Mikelyn Lane       * * *
* VRS Consulting, P.C.            Tucson, Arizona 85710          *
************************************************************     *
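To make the "one flat record, no includes or redirects" position concrete, here is an added example (not code from this thread or from any SPF/CSV implementation) that evaluates a sender IP against the rr.com record quoted above while supporting only ip4, ip6, mx and all. The MX address table is a constructed stand-in for a DNS lookup, since the real MX addresses are not on the page.

```python
"""Flat SPF-style evaluator: ip4 / ip6 / mx / all only, no include, redirect
or macros. Added example, not the thread's or any library's code."""
import ipaddress

# Record for rr.com as quoted in the thread, joined into one string.
RR_COM_SPF = (
    "v=spf1 ip4:24.30.203.0/24 ip4:24.28.200.0/24 ip4:24.28.204.0/24 "
    "ip4:24.30.218.0/24 ip4:24.93.47.0/24 ip4:24.25.9.0/24 ip4:65.24.5.0/24 "
    "ip4:24.94.166.0/24 ip4:24.29.109.0/24 ip4:66.75.162.0/24 ip4:24.24.2.0/24 "
    "ip4:65.32.5.0/24 +mx ~all"
)

# Constructed stand-in for an MX -> A lookup (RFC 5737 documentation address);
# the real rr.com MX addresses are not given on the page.
MX_ADDRESSES = {"rr.com": ["192.0.2.25"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
FLAT_MECHANISMS = {"ip4", "ip6", "mx", "all"}


def evaluate(record: str, sender_ip: str, domain: str) -> str:
    """Return pass/fail/softfail/neutral/none for sender_ip against record.

    Any include/redirect/exists/macro term raises ValueError, so the flat
    record restriction is enforced instead of being silently ignored.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name not in FLAT_MECHANISMS or "%" in value:
            raise ValueError(f"unsupported term in flat record: {term}")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            matched = ip.version == net.version and ip in net
        else:                                # mx: consult the lookup table
            matched = sender_ip in MX_ADDRESSES.get(value or domain, [])
        if matched:                          # first match wins, as in SPF
            return QUALIFIERS[qualifier]
    return "neutral"                         # no mechanism matched
```

A sender in one of the twelve /24 blocks passes; an address from customer dynamic space falls through to the ~all softfail after a single record fetch, which is the caching benefit the message describes.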