ietf-mxcomp
[Top] [All Lists]

Re: DEPLOY: Over-running TXT dataspace in FQDN (-protocol I believe)

2004-08-26 06:40:09

On Wed, Aug 25, 2004 at 08:44:16PM -0700, Rand Wacker wrote:
| 
| This is a concern that has been voiced to me by several major sites that
| are exactly the same set of sites we use as examples for where we need to
| stop phishing from.  They are most likely going to publish *both* spfv1
| and spfv2/pra records, and their initial investigation of their email
| architectures has indicated that those records are going to be pushing
| this real-world 240-byte limit (a 480 byte effective UDP packet split in
| two)
| 

The divergence between v=spf1 and spf2.0/pra records was
motivated by the desire to accommodate those domains whose
sets of permitted IPs differed according to context.

Example.com might wish to permit one set of MTAs to use its
name in mail-from, and another set of MTAs to use its domain
in the PRA.

My initial response to this requirement was to say,
"example.com should just take the union of both those sets
and publish that."

I believe that some people have spoken up and said that a
union solution was unappealing.

As things stand, the current draft means most people would
do:

 example.com TXT "v=spf1     blah blah blah"
 example.com TXT "spf2.0/pra blah blah blah"

I believe that the vast majority of all domains will have
exactly the same "blah blah blah".

Rand's objection appears to share this belief.

Therefore, I suggest that we introduce the %{e} scope macro
to accommodate the very small fraction of domains who need
to distinguish the scopes, and allow everyone else to leave
things alone.

At the Microsoft event earlier this month, we spent some
time discussing this issue.  The audience represented the
ESP community, who I believe are the folks who would most
want to assert the distinction between scopes.  The audience
felt that changing the prefix would be fine, but doing a
scope macro would also be fine.