Re: [ietf-smtp] SPF DNS query limits

2016-05-24 16:38:33
On Tue, May 24, 2016 at 10:04 AM, Carl S. Gutekunst wrote:

> On 05/23/2016 08:37 AM, Scott Kitterman wrote:
>
>> On Monday, May 23, 2016 03:52:39 PM Paul Smith wrote:
>>
>>> 2) Is this limit generally being stuck to by SPF evaluation functions?
>>
>> This limit goes back to the experimental RFC 4408, so it's a decade old.
>> of the open source implementations of which I'm aware follow it (although
>> provide configuration options to ignore it).  I don't know the status of
>> proprietary implementations.
>
> The four proprietary implementations with which I'm familiar all implement
> the 10-level limit. Two of those also explicitly checked for loops. It's in
> the receiver's own self-interest to do so.

Gmail's implementation has a bunch of limits in it which may not be in the
spec, though they tend to be fairly generous.  Our DNS lookup limit is
definitely more generous than 10.

For us, we made the decision that enough mail had records requiring more
lookups that it was useful to go deeper.  And it doesn't help that our
current record is already requiring 4 lookups.  And no, we
don't have >200k servers; we're also looking to reduce our SPF record to a
more reasonable set.

Also, we already cache DNS lookups on most of the internet, so almost all
of the increased usage is already cached.

We also (more recently) have a loop detector, and refuse to descend into


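An added illustration of the two controls the thread talks about, the RFC 7208 ten-lookup cap and an include/redirect loop detector. This is not code from the thread, from Gmail, or from any of the implementations Scott and Carl mention; it replaces DNS with a constructed in-memory table so it runs offline, and it counts every lookup-bearing term in the record tree (the worst case a receiver can be made to do) rather than stopping at the first matching mechanism as a real check_host() would.

```python
"""Walk an SPF record tree, enforcing the RFC 7208 lookup limit and refusing loops.

Added example, not an implementation from the thread. DNS is replaced by a
constructed in-memory table; a real evaluator issues TXT queries and stops at
the first matching mechanism, whereas this walker counts every lookup-bearing
term so the figure it reports is the worst case for the receiver.
"""
import re

# Terms that each cost one DNS lookup toward the limit (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10  # the limit under discussion

# Constructed sample records (not real zones): a normal chain, a mutual-include
# loop, and a record whose includes alone need 11 lookups.
FAKE_TXT = {
    "example.com": "v=spf1 include:_spf.example.com -all",
    "_spf.example.com": "v=spf1 ip4:192.0.2.0/24 include:_netblocks.example.com ~all",
    "_netblocks.example.com": "v=spf1 ip4:198.51.100.0/24 mx -all",
    "loop.example": "v=spf1 include:loop2.example -all",
    "loop2.example": "v=spf1 include:loop.example -all",
    "wide.example": "v=spf1 "
    + " ".join(f"include:n{i}.wide.example" for i in range(11))
    + " -all",
}
for _i in range(11):
    FAKE_TXT[f"n{_i}.wide.example"] = "v=spf1 ip4:203.0.113.0/24 -all"

# name, optional ':' or '=' argument (stops at a CIDR slash), optional CIDR suffix
TERM_RE = re.compile(r"([a-z0-9_-]+)(?:[:=]([^/]*))?(?:/\d+(?:/\d+)?)?")


class SPFPermError(Exception):
    """RFC 7208 'permerror': the record cannot be evaluated safely."""


def lookup_spf(domain, txt=FAKE_TXT):
    """Stand-in for a TXT query: return the v=spf1 record for domain, or None."""
    rec = txt.get(domain.lower())
    return rec if rec and rec.startswith("v=spf1") else None


def parse_terms(record):
    """Yield (name, argument) for each term after 'v=spf1'; qualifiers and CIDRs dropped."""
    for raw in record.split()[1:]:
        m = TERM_RE.fullmatch(raw.lstrip("+-~?").lower())
        if m is None:
            raise SPFPermError(f"unparseable term {raw!r}")
        yield m.group(1), m.group(2)


def walk(domain, txt=FAKE_TXT):
    """Count lookup-bearing terms reachable from domain's record.

    Raises SPFPermError once the count exceeds MAX_LOOKUPS, or when an
    include/redirect chain revisits a domain already being evaluated (the
    loop detector).
    """
    lookups = 0

    def visit(d, chain):
        nonlocal lookups
        if d in chain:
            raise SPFPermError("include/redirect loop: " + " -> ".join(chain + [d]))
        rec = lookup_spf(d, txt)
        if rec is None:
            return  # RFC 7208 makes a missing include target a permerror; kept simple here
        redirect = None
        for name, arg in parse_terms(rec):
            if name in LOOKUP_TERMS:
                lookups += 1
                if lookups > MAX_LOOKUPS:
                    raise SPFPermError(f"lookup limit of {MAX_LOOKUPS} exceeded while evaluating {d}")
            if name in ("include", "redirect") and not arg:
                raise SPFPermError(f"{name} without a domain in {d}")
            if name == "include":
                visit(arg, chain + [d])
            elif name == "redirect":
                redirect = arg  # applied after all mechanisms, per RFC 7208 section 6.1
        if redirect is not None:
            visit(redirect, chain + [d])

    visit(domain.lower(), [])
    return lookups


def check(domain, txt=FAKE_TXT):
    """Return ('ok', lookups) or ('permerror', reason) for a domain's record tree."""
    try:
        return ("ok", walk(domain, txt))
    except SPFPermError as exc:
        return ("permerror", str(exc))


if __name__ == "__main__":
    for d in ("example.com", "wide.example", "loop.example"):
        print(d, check(d))
```

Two things worth noticing when running it. The lookup cap alone already terminates the loop.example pair after ten queries, which is the self-interest argument made above; the explicit loop detector just fails it after two and names the cycle, which is a much more useful permerror to hand back to the domain owner. And because an include target that has no record is an error rather than a silent skip in RFC 7208, a production evaluator should treat the `rec is None` branch as a permerror too.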