On Thu, 2004-08-19 at 09:32, Scott Kitterman wrote:
On Wed, 2004-08-11 at 5:59, william(at)elan.net wrote:
Perhaps it would be usefull if we allow one type of SPF record to
reference (include, refer to) another type of SPF record, this would
eliminate duplication problems in case of long records and avoid
issues with large dns packet (because of multiple large txt records)
as well.
Or perhaps we could say that mail receivers MAY use an v=spf1 records if no
SPF2 record is returned. As I understand it, any query for a TXT record
will return all TXT records for the domain, so if the TXT version of SPF2 is
queried for, the v=spf1 record will be returned if it exists.
I understand that some are concerned with the difference between 2821
mail.from and 2822 PRA. I've read all the drafts and as nearly as I can
tell, the mechanisms defined in my v=spf1 record will work perfectly well
for Sender-ID.
For those, like me, for whom the records would be the same, allowing for
backward use of the earler SPF records would simplify things considerably.
It would also allow for Sender-ID checks to be usefully evaluated much
sooner since a large body of v=spf1 records is already published.
For those who are concerned about the distinction, but want to use v=spf1,
if they publish an SPF2 record, then they can define that distinction.
The change I am proposing would be to Page 5 of The Sender-ID Record: Format
and Interpretation, draft-ietf-marid-protocol-02.
Change:
A Sender-ID compliant MTA MUST look up SPF2 RR type, it MAY lookup
TXT record at the same time, or wait for negative answer. SPF2 type
SHOULD be used if available.
To:
A Sender-ID compliant MTA MUST look up SPF2 RR type, it MAY lookup
TXT record at the same time, or wait for negative answer. SPF2 type
SHOULD be used if available. If a v=spf1 record is returned from
the TXT record lookup, it MAY be used if and only if no SPF2 (SPF2
RR or SPF2 TXT) record is returned.
I believe that would make life simpler for many of us without undue
complication for others.
There should be a concern doing this. Those that published v=spf1
records were intending this record to be applied to their RFC2821 MAIL
FROM mailbox. This would allow _any_ RFC2822 mailbox to be used. Those
publishing this record may have fully expected to retain this freedom,
which now you feel obliged not to respect out of expediency.
This lack of respect seems to extend to the use of SPF2, as the
identifier for Sender-ID. Why not fully depart, instead of this half
measure which only seems to obfuscate the fact these algorithms and
mechanisms are entirely different. Sender-ID is not even better in many
respects.
-Doug