ietf-mxcomp

Re: Why XML

2004-06-22 11:20:12

Roy Badami wrote:


However the angle bracket stuff is what most mail administrators will
find themselves staring at when debugging mail deliverability
problems.

That's my main reason for preferring SPF syntax; I just find it easier
to read (visually less cluttered) than XML, and its simpler (less
flexible) syntax is easier to parse visually, precisely because of the
lack of nested structure.

Am I overestimating the extent to which MARID records will end up
being written and read by hand by mail admins...?


Yes, you are overestimating it by far.

Most so-called "mail administrators" are not able or not used to fetching
DNS records. They are what we call MuFF-clickers
(MuFF = Maus und Fenster-Firlefanz = Mouse and Window falderal)

By far most domains (at least in Germany) are domains of
private people or small to medium size companies and organizations
which don't have a clue about DNS details, they are more or less
consumers of ISP services. Very few domain "admins" are able to
write a zone file. You have to give them a neat and easy user
interface, either some windows program or a web interface.
With debugging facilities - Enter an IP address here and see whether
e-mail would be accepted or not (and why).

Very few people will read or write those records directly without
software support. And far fewer people will be able to read
SPF but not XML. I guess <<2%.

I bet that MARID records will be handled through some software
frontend in >97%. So you can use ASN.1 or XML (or zipped XML)
as well. It makes writing such programs even easier.
There are ready-to-run XML parsers for PHP, Perl, Ruby, ...

Don't design the protocol for those few people who
fiddle around with DNS records directly.

Design the protocol for those who need to handle
tens and hundreds of thousands of domains automatically
and to provide a web interface.

Once we have defined a protocol, we should be
able to provide software to cope with it.
Microsoft should make a program to read, write, verify,
and debug those records easily and make it available,
and we should provide such software for Linux/Unix/
Web as well. It must be easy to use. No manual editing
of DNS records. Why? How many mistakes do you think
all the admins in the world will make?
Tell them to keep their fingers off and use a program which
generates valid (and tested!) records only. E.g. warn if
one entry blocks another. Or if RFC1918 addresses are given.
This is basically the same as configuring a firewall.

Nice feature: Run it against your local mailbox or MTA log file
and show which messages would have been accepted and which
would have been denied. This will help people to debug in advance.

Such software is needed anyway if the new protocol
is to be deployed in finite time. The more people use such
an idiot-proof frontend instead of typing in rubbish, the
easier it will be to roll it out.

Hadmut
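
The checks this message asks for (warn if one entry blocks another or if RFC1918 addresses are given; enter an IP address and see whether mail would be accepted, and why), as an added example that is not part of the original post or of any MARID or SPF tool. It is a Python sketch that assumes SPF-style records containing only `ip4:` and `all` terms; the function names and the sample record are constructed for illustration.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(record):
    """Split an SPF-style record into (result, network or None for 'all', term)."""
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        raise ValueError("record must start with v=spf1")
    rules = []
    for term in terms[1:]:
        qual, body = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if body == "all":
            rules.append((QUALIFIERS[qual], None, term))
        elif body.startswith("ip4:"):
            rules.append((QUALIFIERS[qual], ipaddress.ip_network(body[4:], strict=False), term))
        else:  # assumption: other mechanisms are out of scope for this sketch
            raise ValueError("unsupported term in this sketch: " + term)
    return rules

def lint(record):
    """Warn about RFC 1918 ranges and about entries an earlier entry always pre-empts."""
    warnings, seen = [], []
    for result, net, term in parse(record):
        if net is not None and any(net.overlaps(p) for p in RFC1918):
            warnings.append(term + ": RFC 1918 address space")
        for prev_net, prev_term in seen:
            # An earlier 'all' or an earlier enclosing network matches first.
            if prev_net is None or (net is not None and net.subnet_of(prev_net)):
                warnings.append(term + ": never reached, blocked by " + prev_term)
                break
        seen.append((net, term))
    return warnings

def evaluate(record, ip):
    """First matching entry wins; no match yields 'neutral'."""
    addr = ipaddress.ip_address(ip)
    for result, net, term in parse(record):
        if net is None or addr in net:
            return result, term
    return "neutral", None

# Constructed sample record, not taken from any real domain.
SAMPLE = "v=spf1 ip4:192.0.2.0/24 -ip4:192.0.2.16/28 ip4:10.1.2.0/24 -all ip4:198.51.100.7"

if __name__ == "__main__":
    for w in lint(SAMPLE):
        print("warning:", w)
    print(evaluate(SAMPLE, "192.0.2.20"))
```

On the sample record, the intended deny for 192.0.2.16/28 never takes effect because the broader allow before it matches first, which is the kind of mistake a frontend can catch before the record is published.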








