Le samedi 31 Juillet 2004 01:48, Dean Anderson a écrit :
Well, it is interesting that the major corporate sponsors of SPF and RMX
aren't against spam, but only spam not originating from them or not paying
them.
For sure, they are quite against "illegitimate spam" that dilutes their
"legitimate corporate advertising" ;-)
But, great care or not, SPF does make it pretty much impossible to
outsource. You need a record for each mailserver. It is reported that it
is only possible to have 18 root Nameservers because that is the maximum
that can fit in a DNS packet. The TXT record is not as efficient, but I
don't have any exact number for the maximum number of servers will be
possilbe. But it will probably approximately 18. This limits the number
of servers that can be outsourced, or even internally used.
I understand from this that you don't understand at all the way that an SPF
record works. Please Read The Fu^Hine Documentation...
Then there are deployment issues. Besides the cost of adding the SPF
records to tens of millions of domains and the complications of just
getting that done,
Tens of millions of domains are currently supposed to manage and maintain
their DNS records, and each domain, even really "basic" needs at least 4
records in DNS, typically
- 1 SOA
- 2 DNS
- 1 MX or more
- 1 A for the MX (if in the same domain)
- Generally one "www.thing.org" that points to the web server
And of course the bigger the domain, the greater the number of machines and
"A" records in DNS.
Adding SPF to a domain is adding ONE TXT record to the domain.
It is also wise to add one for each "A" record in the domain.
Setting this up is a matter of minutes for one domain, so every domain that
has an admin maintaining it should be able to afford it -- and those who do
that externally actually pay for a service, don't they ?
Expressing this in "billion dollars" is like trying to evaluate the time that
I spent scratching my head today, multiply this by the number of inhabitants
in my country, and calculate from there how many billion dollars are lost
each month from work time lost scratching one's head...
there are other complications:
DNS protocols present provide for TCP connections to handle packets larger
than 512 bytes. However, many server implementations still don't support
TCP, or don't support it properly.
If they don't, they should. If broken, fix.
Well, you're depicting a whole nightmare in which it seems that you much
exagerate the problems that implementing SPF causes. Remember that more than
22,000 domains using SPF are known as of today, and some suppose the actual
total figure is about 100,000 or more.
--
Michel Bouissou <michel(_at_)bouissou(_dot_)net> OpenPGP ID 0xDDE8AC6E
Ne auderis delere orbem rigidum meum!