On Fri, Oct 17, 2003 at 11:57:48AM -0700, Robert Spier wrote:
|
| And I suspect there is a compromise. The left/right thing bothers me
| more than using the "generic" TXT RR.
|
| Why not just encode all the data on the RHS?
|
| domain.com IN TXT "v=spf1 _smtp_client <spf data>"
|
OK, we have three kinds of funkiness going on. Let's look at each one.

1) the top-level policy label.

   all we need is a place to stash "v=spf1 a mx pi ptr default=deny".
   Per Robert's suggestion, this could go into a TXT record for the
   domain itself --- we'd get rid of the "policy._smtp_client" part.

2) the PI lookup zone.

   If the domain defines the PI mechanism, and if the IP is 1.2.3.4,
   we would perform the query 4.3.2.1.in-addr._smtp_client.DOMAIN

3) the LocalPart lookup zone.

   If the domain defines the LocalPart mechanism, and if the user is foo+bar,
   we would perform the query bar.foo.policy._smtp_local.DOMAIN

   That's still evolving. We could just as well do
   bar.foo.localpart._smtp_client.DOMAIN
   which puts it in the same "subdomain" as #2.

Discussion:

1) Even if we get rid of "policy._smtp_client", we still have the
   problem of "misusing" TXT records; this scenario makes the strongest
   case for a new RRtype. The DNS guys would take one look at the
   "v=spf1" label and say, "you guys are faking an RR type. Don't."

2) If we get rid of the subdomain, how do we design reversed-IP lookups?
   4.3.2.1.DOMAIN? But maybe that space is already populated.
   Underscore labels are nice; they're like secret dimensions.
   Besides, even if we get a new RR type, that doesn't make the problem
   go away.

Suggestions:

1) drop the "policy._smtp_client" and just do DOMAIN IN TXT "v=spf1 ..."

2) Ask IANA for a new RR type now; we can use it for a future version of SPF.

3) Keep using _smtp_client; even if we get a new RR type, there's still
   a legitimate need for a shim between the reversed-IP and the domain
   name.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
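
Added example, not part of the original message or of any SPF implementation: it builds the query names the message describes and shows why the underscore shim keeps reversed-IP lookups out of the space real host names can occupy. The function names, example.com, and the rule "split the local part on '+' and reverse" (inferred from the single foo+bar case) are assumptions.

```python
import ipaddress
import re

# Host-name labels follow the LDH rule (RFC 952 / RFC 1123): letters, digits
# and hyphens only, so a label starting with "_" can never be a host name.
_LDH_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def reversed_ip(ip):
    """'1.2.3.4' -> '4.3.2.1' (IPv4 only, as in the message)."""
    addr = ipaddress.IPv4Address(ip)  # rejects malformed input
    return ".".join(reversed(str(addr).split(".")))


def pi_query(ip, domain, shim="in-addr._smtp_client"):
    """Query name for the PI mechanism; shim='' models dropping the subdomain."""
    parts = [reversed_ip(ip)]
    if shim:
        parts.append(shim)
    parts.append(domain)
    return ".".join(parts)


def localpart_query(localpart, domain, zone="policy._smtp_local"):
    """Query name for the LocalPart mechanism.

    Assumption: the local part is split on '+' and the pieces reversed,
    which reproduces the message's foo+bar -> bar.foo example.
    """
    labels = list(reversed(localpart.split("+")))
    return ".".join(labels + [zone, domain])


def could_be_hostname(name):
    """True if every label obeys LDH, i.e. the name may already be in use."""
    return all(_LDH_LABEL.match(label) for label in name.rstrip(".").split("."))


if __name__ == "__main__":
    # Constructed inputs matching the values used in the message.
    for name in (
        pi_query("1.2.3.4", "example.com"),
        pi_query("1.2.3.4", "example.com", shim=""),
        localpart_query("foo+bar", "example.com"),
        localpart_query("foo+bar", "example.com", zone="localpart._smtp_client"),
    ):
        status = "may collide with host names" if could_be_hostname(name) else "separate namespace"
        print(f"{name:50s} {status}")
```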