ietf-mxcomp

RE: consensus call of RR prefix

2004-09-05 19:09:37

-----Original Message-----
From: owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of
william(at)elan.net
Sent: Sunday, September 05, 2004 8:04 PM
To: Mark Lentczner
Cc: IETF MARID WG
Subject: Re: consensus call of RR prefix




On Sun, 5 Sep 2004, Mark Lentczner wrote:

Three items to respond to:

[-1-]
On Sep 5, 2004, at 6:33 AM, william(at)elan.net wrote:
-prefix does not solve the wildcard issue
Actually prefix helps wildcard issues and solves at least one of them.
It allows one to avoid the necessity to enter separate records for both
"example.com" and for "*.example.com" while with prefix one record for
"*.example.com" would suffice and cover both _prefix.example.com and
anything else like _prefix.subdomain.example.com.

Usually, the use of the wild-card record is to say "-all" for anything
in a subdomain, and hence this record would not be the same as the
domain's record:

That depends on the use of wildcards. When wildcards are used in parallel
with wildcard MX entries, then the SPF record for domain and wildcard
subdomains will most likely be the same.

A different situation is for somebody who just wants to say that there are
no working subdomains under his domain, then "-all" can be used. But do
remember that wildcard will actually not work for any subdomain that is
delegated (i.e. ones that have their own direct "A", "MX" or any other
record) so this might not have much value as I don't think spoofing
non-existing hosts is very common and these can be quickly caught by just
checking if the host actually exists...

    with prefix:
    _prefix.example.com IN SPF2 "spf2.0/pra +mx +a -all"
    *.example.com       IN SPF2 "spf2.0/pra -all"

    without prefix:
    example.com         IN SPF2 "spf2.0/pra +mx +a -all"
    *.example.com       IN SPF2 "spf2.0/pra -all"

I assert that if you have wildcard MX record, then you would actually want
wildcard subdomain record to be exactly the same, see above.

There is no savings and no difference.  On rare occasion when you want
the same record, a prefix fails to help:

    with prefix:
    *.example.com       IN SPF2 "spf2.0/pra +mx:mx.example.com -all"

    without prefix:
    example.com         IN SPF2 "spf2.0/pra +mx:mx.example.com -all"
    *.example.com       IN SPF2 "spf2.0/pra +mx:mx.example.com -all"

It still makes no difference over-the-wire: Only one record would be
ever returned, so this savings is only one administrative entry.  Not a
ringing endorsement in my mind.

I agree with above, there is no difference in the wire, the difference is
only that administrator needs to enter one record instead of two.

And yes, this is not very strong reason to do it, but it does mean
that on at least one issue (be it a small one), the prefix does help
with wildcards whereas every other issue is exactly the same no
matter if prefix is used or not. So really we should not put any
statement like that "-prefix does not solve the wildcard issue",
as not using prefix does not solve these issues either!

Please relax, "-prefix does not solve the wildcard issue" does *not* mean/imply
"lack of prefix solves the wildcard issue", because if it did, then the
statement would be "-prefix causes an issue with wildcards".  There are
wildcard issues that exist without prefixes, if they didn't, there wouldn't be
any issue for us to discuss...

There are wildcard issues that are as yet unresolved (albeit rare).  I thought
that prefixes were proposed as a solution (weren't they?) and were found not to
be a resolution.  If that was not the case my mistake.  But either way, the
statement is accurate as having a prefix does not actually *solve* a wildcard
issue.

Terry Fielder
Manager Software Development and Deployment
Great Gulf Homes / Ashton Woods Homes
terry(_at_)greatgulfhomes(_dot_)com
Fax: (416) 441-9085




--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
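
Added example (not part of the original thread or written by its participants): a simplified model of DNS wildcard synthesis following the RFC 4592 rules, run over a constructed zone that uses the thread's "with prefix" layout. It shows which names the single "*.example.com" record covers, and goes slightly beyond the thread by also querying "_prefix" beneath a host that already exists. The zone contents, the address and the function names are assumptions made for illustration.

```python
# Added illustration: simplified DNS wildcard synthesis (RFC 4592 rules)
# over one constructed zone. Not a real resolver; no delegation, CNAME or DNSSEC.

POLICY = "spf2.0/pra +mx:mx.example.com -all"   # record text from the thread

# Constructed zone: the "with prefix" layout, i.e. only a wildcard SPF2 record.
ZONE = {
    "example.com":    {"MX": "10 mx.example.com"},
    "mx.example.com": {"A": "192.0.2.25"},        # documentation address
    "*.example.com":  {"SPF2": POLICY},
}

def _labels(name):
    return tuple(name.lower().rstrip(".").split("."))

def lookup(zone, qname, qtype):
    """Return (status, rdata) for qname/qtype within a single-zone dict."""
    nodes = {_labels(owner): rrsets for owner, rrsets in zone.items()}
    # A name exists if it owns records or is an ancestor of a name that does.
    existing = {owner[i:] for owner in nodes for i in range(len(owner))}
    q = _labels(qname)
    if q in existing:                       # existing names never use the wildcard
        rdata = nodes.get(q, {}).get(qtype)
        return ("ANSWER", rdata) if rdata else ("NODATA", None)
    # Closest encloser: the longest suffix of the query name that exists.
    encloser = next((q[i:] for i in range(1, len(q)) if q[i:] in existing), None)
    wildcard = nodes.get(("*",) + encloser) if encloser else None
    if wildcard is None:
        return ("NXDOMAIN", None)
    rdata = wildcard.get(qtype)
    return ("WILDCARD", rdata) if rdata else ("NODATA", None)

if __name__ == "__main__":
    for name in ("_prefix.example.com", "_prefix.sub.example.com",
                 "example.com", "mx.example.com", "_prefix.mx.example.com"):
        print(f"{name:28} SPF2 -> {lookup(ZONE, name, 'SPF2')}")
```

In this model the wildcard answers for "_prefix.example.com" and "_prefix.sub.example.com", but not for "example.com" or "mx.example.com" (both exist, so the answer is empty), and not for "_prefix.mx.example.com", whose closest existing ancestor has no wildcard of its own.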


