spf-discuss

Re: Global whitelist: wl.trusted-forwarder.org

2003-10-16 16:04:49
In <20031016223759(_dot_)GT2345(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng 
Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:

> On Thu, Oct 16, 2003 at 04:49:07PM -0500, wayne wrote:
> | 
> | Option two:  Domain owners could add "!dnsl:wl.trusted-forwarder.org"
> | to their SPF specs.  They could also add any other DNSWLs that they
> | trust to be well maintained.
> | 
>
> This would be the preferred option; hardcoding things into libraries is
> so blah.  On one hand it'll be hard to get domains to add that to their
> lookups; on the other hand I worry about the VeriSign scenario.  Is
> there a better way?

By "the VeriSign scenario", you mean what happens when this DNSWL gets
hardcoded into zillions of zone files and the operator of the DNSWL
becomes untrustworthy?  If so, I highly agree with that being a large
concern.

Hardcoding stuff into libraries and such may be blah, but libraries
are much more likely to be updated and configuration files for those
libraries or MTAs or spamfilters are going to be the "expected" place
to change this kind of thing since this is where DNSBLs are generally
found. 

My gut feel is that there will not be a large number of these DNSWLs,
there may end up only being one and only for a year or two.  However,
I think the question "who really is a trusted forwarder?" can be
legitimately answered many different ways and there *must* be a real
option given to people.



> BTW, I am renaming the "dnsl" mechanism to save a byte or two.
>
> The new name is "PI".
>
> It stands for "reversed IP".
>
> No, really!

Hmmm.....  You may be getting a little cryptic there.

However, saving a byte or two may be important when you are talking
about a zillion zone files.  I guess this is a (weak) argument against
putting the DNSWLs into zone files.  There is certainly a limited
number that you can specify and still fit in a UDP packet.



-wayne
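
Added example, not part of the original message or of any SPF implementation: it builds the reversed-IP lookup name for a DNSWL and counts how many "!dnsl:" terms fit in one TXT answer under the 512-byte DNS-over-UDP limit of RFC 1035. The owner domain, the base record text and every whitelist zone other than wl.trusted-forwarder.org are constructed for illustration, and the size model is a lower bound (one TXT answer, no authority or additional records, no EDNS0).

```python
import ipaddress

UDP_LIMIT = 512  # classic DNS-over-UDP message size (RFC 1035), no EDNS0


def dnswl_query_name(ip: str, zone: str) -> str:
    """Reverse the IPv4 octets and append the list zone, DNSBL-style."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.rstrip(".")


def encoded_name_len(name: str) -> int:
    """Wire length of an uncompressed name: one length byte per label plus the root byte."""
    labels = name.rstrip(".").split(".")
    if any(not 1 <= len(label) <= 63 for label in labels):
        raise ValueError("DNS labels must be 1..63 bytes")
    return sum(1 + len(label) for label in labels) + 1


def txt_response_size(owner: str, txt: str) -> int:
    """Bytes in a minimal response: header + question + one TXT answer."""
    data = txt.encode("ascii")
    # TXT RDATA is a run of character-strings, each at most 255 bytes plus a length byte.
    chunks = max(1, -(-len(data) // 255))
    header = 12
    question = encoded_name_len(owner) + 4   # QTYPE + QCLASS
    answer = 2 + 10 + len(data) + chunks     # name pointer + TYPE/CLASS/TTL/RDLENGTH + RDATA
    return header + question + answer


def max_whitelists(owner: str, base_record: str, zones: list) -> tuple:
    """Append "!dnsl:<zone>" terms in order until the next one would exceed UDP_LIMIT."""
    record, count = base_record, 0
    for zone in zones:
        candidate = record + " !dnsl:" + zone
        if txt_response_size(owner, candidate) > UDP_LIMIT:
            break
        record, count = candidate, count + 1
    return count, txt_response_size(owner, record)


# Constructed inputs: only the first zone name appears in the thread.
ZONES = ["wl.trusted-forwarder.org"] + [f"wl{i:02d}.example.net" for i in range(1, 40)]
BASE_RECORD = "v=spf1 a mx"  # assumption: placeholder for the rest of a domain's record

if __name__ == "__main__":
    print(dnswl_query_name("192.0.2.10", "wl.trusted-forwarder.org"))
    print(max_whitelists("example.com", BASE_RECORD, ZONES))
```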

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/