In my discussions with Microsoft and AOL, I have gathered the
impression that large mail receivers favour block records because
they are more easily cached and more easily transformed into a
representation native to their internal antispam engines. Factored
records which require a new lookup for every cache negative are, in
their world, not lightweight by comparison.

That's definitely how the Exchange group feels, since Exchange is a
single long-running large program with threads handling the SMTP
sessions. In this case, it's faster to slurp up all of the domain's
info once and cache it inside the application.

Most Unix MTAs including sendmail, exim, qmail and (I believe) postfix
fork off a process per SMTP session which exits at the end of the
session. In this case, any effort beyond that to validate the single
IP used in the session is wasted, and the local DNS cache is where the
info will be remembered. My impression is that there are a lot of
large sites whose MTAs work this way.

The reason I concocted FSV, which as you may recall "panders to all
factions", is that there are significant communities which do it each
way. FSV could serve up block records for people who want block
records and factored records for people who want factored records.

I realize that there are other ways to deal with this situation. For
example, you might have a special purpose DNS cache which fetches
block records, but then responds to factored queries from local
clients. I know how I might write one of them, but until we try it, I
wouldn't want to guess how well it'd work in practice.

What this all tells me is that we're still nowhere near ready to
standardize anything, because we don't have experimental data to tell
us about performance issues, how the bad guys will counterattack, or
any other real world problems we'll run into if we actually try to use
this stuff. Publishing SPF records isn't enough -- people have to use
them to filter mail or at least log info about what happened when they
fetched the SPF data and what would have happened if they used that
data for mail filtering.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.