At 8:25 AM -0700 05/19/2004, Hallam-Baker, Phillip wrote:
Why would we use a wildcard?
OK _spf.*.verisign.com would be a bear. The DNS specs do not support
exchange of this type of wildcard expression in zone transfers or (less
relevant) in DNSSEC. I think this is something that should be on the fix
list, not least because of the existing issues caused by NAPTR and SRV in
this respect.
But why would anyone need it?
Possibly to say that no valid email would be emitted from subdomains?
For example, if someone forged using the subdomain techsupport.example.com
where example.com does not use subdomains of example.com, a query to
_spf.techsupport.example.com would likely return no records. While it
is always a recipient domain decision to interpret that event, example.com
might feel that they would get the desired result more often if it could
assert that no subdomain emitted mail. Using the _name hack could
make that sort of assertion hard, because it might create the need for
_name.*.example.com.
Note that I am not discussing any particular syntax here, nor trying
to make a comment on specific proposals; I'm just thinking aloud
about the reasons people might need it in this sort of proposal.
Speaking personally,
regards,
Ted Hardie