On 5/18/04 at 1:41 PM -0700, Matthew Elvey wrote:
> On 5/18/2004 10:30 AM, Pete Resnick sent forth electrons to convey:
>> So let's say that all SPF TXT records start with "_spf", like
>> "_spf.example.com". Now let's say that I've got a domain that has
>> names like "mail1.sales.example.com", "mail2.sales.example.com",
>> "unix.support.example.com", "mail.marketing.example.com", and
>> that's what a recipient will be using for the SPF lookup.
> You've created a record for each of them. Create another record for
> each of them. This is utterly trivial. Each can simply be a
> reference to another domain holding the actual SPF record 'guts'.

And people were complaining about having to maintain a separate MX
and MARID record? If I've got thousands of these things, where all of
the ones in sales have the same SPF record except 5 of them and all
of the ones in marketing have the same SPF record except 23 of them,
I've got to manage all of the CNAME records pointing to a sales
"master" and a marketing "master"? This sounds like a management
nightmare to me. I'd like to say, "Here are the exceptions in this
particular domain and everything else is default." And default is
most easily defined by a wildcard.

>> So I want an SPF record that will match "*.sales.example.com". How
>> do I make such a record? I can't use "_spf.sales.example.com",
>> because that won't match "mail1.sales.example.com". I can't use
>> "_spf.*.sales.example.com", because as far as I know the DNS will
>> only match wildcards if they are the left-most component of the
>> domain name. So I either have to put in individual records, or I
>> have to depend on the receiver to work their way up the tree and do
>> queries for "_spf.mail1.sales.example.com", and if that fails use
>> "_spf.sales.example.com", and if that fails use "_spf.example.com"
>> (and probably not try "_spf.com" if that fails, eh?).
> Boy is this exquisitely Rube Goldberg.

Absolutely. And it wouldn't be if I had wildcards.

>> That stinks. We've got a wildcard mechanism in the DNS for a
>> reason. I'd rather not see us have to hack around it to get the
>> same effect. And I have yet to hear a satisfactory response to the
>> issue.
> Done.

Uh, no. Basically what you've said is, "Wildcards aren't a problem
because you can't use wildcards." Thanks, but no thanks.
pr
--
Pete Resnick <http://www.qualcomm.com/~presnick/>
QUALCOMM Incorporated - Direct phone: (858)651-4478, Fax: (858)651-1102
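To make the DNS behaviour the thread argues about concrete, here is an added example (written for this page; it is not code from the thread, from the MARID work, or from any SPF implementation). It simulates a small zone with RFC 4592 wildcard matching (a `*` is only a wildcard as the left-most label, and a wildcard never matches a name that already exists, even as an empty non-terminal) and implements the receiver-side "walk up the tree" fallback described above, stopping before the TLD. The zone contents, the IP ranges (documentation prefixes), and the `STOP_AT` suffix list are constructed; a real receiver would use a resolver library and a proper public-suffix list.

```python
"""Simulated zone + RFC 4592 wildcard matching + "_spf." walk-up fallback.
Added illustration for the discussion above; all data below is constructed."""
from typing import Dict, List, Optional, Tuple

# Constructed sample zone: owner name -> TXT strings. Not real DNS data.
ZONE: Dict[str, List[str]] = {
    "_spf.example.com": ["v=spf1 mx -all"],
    "_spf.sales.example.com": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "_spf.mail1.sales.example.com": ["v=spf1 ip4:192.0.2.5 -all"],  # an exception host
    "*.marketing.example.com": ["v=spf1 ip4:198.51.100.0/24 -all"],  # left-most '*': a wildcard
    "_spf.exception.marketing.example.com": ["v=spf1 -all"],        # exception under the wildcard
    "_spf.*.support.example.com": ["v=spf1 -all"],                  # '*' not left-most: literal label
}

# Constructed stop list: the walk-up never queries "_spf.com" and friends.
STOP_AT = {"com", "net", "org"}


def _labels(name: str) -> List[str]:
    return name.lower().rstrip(".").split(".")


def _node_exists(name: str) -> bool:
    """A node exists if it owns records or is an ancestor of an owner
    (an 'empty non-terminal'). Wildcards never match an existing node."""
    suffix = "." + name
    return any(owner == name or owner.endswith(suffix) for owner in ZONE)


def lookup_txt(qname: str) -> Optional[List[str]]:
    """Exact match first; otherwise synthesize from '*.<closest encloser>',
    the closest encloser being the longest existing ancestor of qname."""
    qname = qname.lower().rstrip(".")
    if qname in ZONE:
        return ZONE[qname]
    if _node_exists(qname):  # empty non-terminal -> NODATA, no wildcard applies
        return None
    labels = _labels(qname)
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if _node_exists(encloser):
            return ZONE.get("*." + encloser)  # source of synthesis, if any
    return None


def find_spf(hostname: str) -> Tuple[Optional[str], Optional[List[str]], List[str]]:
    """Receiver-side fallback from the thread: query '_spf.' + hostname,
    then drop one label at a time, stopping before a STOP_AT suffix.
    Returns (name that answered, its TXT strings, every name queried)."""
    queried: List[str] = []
    labels = _labels(hostname)
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in STOP_AT:
            break
        qname = "_spf." + candidate
        queried.append(qname)
        rr = lookup_txt(qname)
        if rr:
            return qname, rr, queried
    return None, None, queried


if __name__ == "__main__":
    for host in ("mail1.sales.example.com", "mail2.sales.example.com",
                 "unix.support.example.com", "mail.marketing.example.com",
                 "host.exception.marketing.example.com"):
        answered, rr, queried = find_spf(host)
        print(f"{host}: {len(queried)} quer{'y' if len(queried) == 1 else 'ies'} -> {answered}: {rr}")
```

Running it shows the three situations the thread describes: `mail2.sales.example.com` needs two queries before `_spf.sales.example.com` answers; the literal `_spf.*.support.example.com` record never answers anything, so `unix.support.example.com` walks all the way to `_spf.example.com`; and a left-most wildcard such as `*.marketing.example.com` does answer `_spf.mail.marketing.example.com` in one query, but stops applying beneath `exception.marketing.example.com` once that node exists, which is the caveat to keep in mind when mixing wildcards with per-host exceptions.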