Hi Phillip,
--"Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> wrote:
> 171 of those records seem to be creating a DMP style reverse-IP
> lookup zone. I think this might have a place since it is the most
> convenient for a couple of use cases:
That would be altavista.com... I wrote some more about it in my previous
message if you are interested. Basically the null.spf. doesn't exist, but
we log all queries made to it so we have a record of attempts.
> The DMP style has the advantage that the probability of receiving
> cached DNS data that is stale is low.
> People may want more flexibility than a list of IP addresses, but that
> does not mean they want more complexity.
DMP is a bit less complex, and interesting things are possible with it.
However, I would like to keep in mind the complexity of the system as a
whole. If we adopt the barest, simplest method for LMAP-to-DNS, then
people can certainly create stuff that is more flexible, but the complexity
moves to the DNS server in that case.
If we are limited to a reversed-IP style lookup like DMP, that's easier for
the receiver but gets prohibitive for the sender who might want different
policies than IP In, IP Out. The most popular "mechanisms" in SPF are
probably the simplest to implement too: a, mx, ptr.
Whether we want to place more burden on the publishing DNS server or the
receiving MTA is an interesting discussion... but like a lot of things,
there's a sliding scale.
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>
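The trade-off Greg describes above, where a reversed-IP zone puts the work on the publishing DNS server while SPF-style a/mx/ptr mechanisms put it on the receiving MTA, can be made concrete by counting queries. The following is an added example, not code from this thread, DMP, or any SPF implementation. It runs against a constructed in-memory DNS table; the reversed-octet name layout under a `_lmap` label is an assumption made for illustration and is not the real DMP record format, and the `_lmap` label, `FAKE_DNS` table and `FakeResolver` class are hypothetical names.

```python
"""Reversed-IP zone lookup vs. mechanism evaluation, against a fake in-memory DNS.

Added example for the LMAP thread above. The "<reversed-octets>._lmap.<domain>"
layout is an ASSUMPTION for illustration, not DMP's actual format.
"""
import ipaddress

# Constructed sample zone data (not real DNS). Keys are (owner name, record type).
FAKE_DNS = {
    ("example.com", "TXT"): ["v=spf1 a mx ptr ip4:198.51.100.0/24 -all"],
    ("example.com", "A"): ["192.0.2.10"],
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["192.0.2.25"],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],
    # Reversed-IP zone (assumed layout): the name existing means "this IP may send".
    ("10.2.0.192._lmap.example.com", "A"): ["127.0.0.2"],
    ("25.2.0.192._lmap.example.com", "A"): ["127.0.0.2"],
}


class FakeResolver:
    """Serves records from a table and counts how many queries the receiver issued."""

    def __init__(self, table):
        self.table = table
        self.queries = 0

    def lookup(self, name, rtype):
        self.queries += 1
        return self.table.get((name.lower(), rtype), [])


def dmp_style_name(ip, domain):
    """Build the reversed-IP query name (label layout is assumed, see module docstring)."""
    reversed_octets = ".".join(reversed(ip.split(".")))
    return f"{reversed_octets}._lmap.{domain}"


def check_dmp_style(ip, domain, resolver):
    """One query: the sender's zone did the work by publishing (or omitting) the name."""
    return "pass" if resolver.lookup(dmp_style_name(ip, domain), "A") else "fail"


def check_spf_style(ip, domain, resolver):
    """Walk a/mx/ptr/ip4/all mechanisms left to right; the receiver does the resolving."""
    spf = next((r for r in resolver.lookup(domain, "TXT") if r.startswith("v=spf1")), None)
    if spf is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in spf.split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            matched = True
        elif mech == "ip4":                       # no query needed for a literal network
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":                         # one A query
            matched = ip in resolver.lookup(arg or domain, "A")
        elif mech == "mx":                        # one MX query plus one A query per MX host
            matched = any(ip in resolver.lookup(mx, "A")
                          for mx in resolver.lookup(arg or domain, "MX"))
        elif mech == "ptr":                       # PTR query plus a forward-confirming A query
            ptr_name = ".".join(reversed(ip.split("."))) + ".in-addr.arpa"
            matched = any(host.endswith(arg or domain) and ip in resolver.lookup(host, "A")
                          for host in resolver.lookup(ptr_name, "PTR"))
        else:
            return "permerror"
        if matched:
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qualifier]
    return "neutral"


def compare(ip, domain):
    """Return (dmp_result, dmp_queries, spf_result, spf_queries) for one connecting IP."""
    dmp_resolver = FakeResolver(FAKE_DNS)
    dmp = check_dmp_style(ip, domain, dmp_resolver)
    spf_resolver = FakeResolver(FAKE_DNS)
    spf = check_spf_style(ip, domain, spf_resolver)
    return dmp, dmp_resolver.queries, spf, spf_resolver.queries


if __name__ == "__main__":
    for client_ip in ("192.0.2.25", "192.0.2.10", "198.51.100.5", "203.0.113.7"):
        print(client_ip, compare(client_ip, "example.com"))
```

The reversed-IP check is always exactly one query regardless of the sender's policy, because the policy was flattened into the zone at publish time; the mechanism walk costs the receiver between two and five queries here depending on which term matches, and a sender can express "mail.example.com plus this netblock" without generating one record per address. That is the sliding scale the message describes: the same decision, with the resolving done on whichever side publishes the more expressive form.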