spf-discuss

Re: Pure ESMTP alternative

2003-11-23 22:14:41
Tim Gladding wrote:

Mail already depends on SMTP and DNS (for the most part).  We shouldn't
make running an HTTP server a requirement for running an SMTP server.

Like I said before, not everyone currently runs an HTTP server, and I
don't see anyone turning one up specifically to handle SPF.

Consider what could happen if this lived in its own protocol, and if the 
servers were determined by using SRV lookups.  Sites which wanted to 
support it still wouldn't need to run any extra servers or daemons.  They 
could just use the SRV data to point somewhere that would run it on their 
behalf.

I'm a geek, so I'd run this kind of server.  My less-geeky friends might 
run a mail server but wouldn't want to tackle this sort of thing.  That's 
no problem - they could just put me in the SRV entry and give me enough 
details to answer queries about their domains.

This also avoids the problem of harassing MTAs by connecting back to 
them to see if they can support a new extension to SMTP.  If you're 
doing a SRV lookup, you get NXDOMAIN if a domain doesn't implement it, 
and that gets negatively cached for a while.

I think this could work with a very simple protocol.  An MTA somewhere
needs to do a verification on some domain, so it looks up the SRV record 
for this theoretical service and connects to the named host.  It presents 
the details about the sender (IP address, e-mail address, PGP key, more?) 
and asks for a verdict.  It gets either yes or no, and then acts based on 
the local policy.  This gets cached on the MTA side, so that repeat hits 
don't annoy the server too often.

The best part is that lots of people could start using it by having 
various friendly types run the service for them.  All they'd have to do 
is find a willing host and then add the SRV line to their zone files.

The server side would be very easy to write.  I suspect that typical "one 
domain, one IP address" situations would only require a few dozen lines of 
Perl or Python.  Larger sites could expand it as necessary.

I touched on this briefly last month, but the thread fizzled.  If anyone 
wants to hear more, I'd be happy to elaborate.  I even have a demo server 
running on my system here to show just how easy it could be.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.6.txt
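
The lookup, query and caching flow described in the message above, sketched as an added example (not part of the original post and not the author's demo server). The SRV label, the class and function names, the TTL values and the sample domains are assumptions, and DNS and the network connection are stood in for by plain callables so the block runs offline.

```python
import time
SRV_LABEL = "_sender-verify._tcp"   # hypothetical label; the post names none

class NoSuchService(Exception):
    """Stands in for an NXDOMAIN answer to the SRV lookup."""

def make_verdict_server(allowed):
    """Hosted server side: `allowed` maps each served domain to its one sending IP."""
    def verdict(domain, ip, sender):
        return sender.endswith("@" + domain) and allowed.get(domain) == ip
    return verdict

class Verifier:
    """MTA side: SRV lookup, verdict query, and caching of both answers."""
    def __init__(self, srv_lookup, connect, ttl=3600, neg_ttl=900, clock=time.monotonic):
        self.srv_lookup, self.connect = srv_lookup, connect
        self.ttl, self.neg_ttl, self.clock, self.cache = ttl, neg_ttl, clock, {}

    def _cached(self, key, compute):
        hit = self.cache.get(key)            # entries are (expiry, value)
        if hit is None or hit[0] <= self.clock():
            value, ttl = compute()
            hit = self.cache[key] = (self.clock() + ttl, value)
        return hit[1]

    def _find_server(self, name):
        try:
            return self.srv_lookup(name), self.ttl
        except NoSuchService:                # negative answers are cached too
            return None, self.neg_ttl

    def check(self, domain, ip, sender):
        """Return 'yes', 'no' or 'unsupported'; local policy decides what follows."""
        domain, sender = domain.lower(), sender.lower()
        name = f"{SRV_LABEL}.{domain}"
        host = self._cached(name, lambda: self._find_server(name))
        if host is None:
            return "unsupported"
        ask = lambda: ("yes" if self.connect(host)(domain, ip, sender) else "no", self.ttl)
        return self._cached((domain, ip, sender), ask)

# Constructed sample data: friend.example delegates to a server someone else runs.
SAMPLE_SRV = {"_sender-verify._tcp.friend.example": "verify.geek.example"}
SAMPLE_SERVERS = {"verify.geek.example": make_verdict_server({"friend.example": "192.0.2.10"})}

def sample_srv_lookup(name):
    if name in SAMPLE_SRV:
        return SAMPLE_SRV[name]
    raise NoSuchService(name)
```

`Verifier(sample_srv_lookup, SAMPLE_SERVERS.__getitem__).check("friend.example", "192.0.2.10", "bob@friend.example")` returns `"yes"`; a domain with no SRV entry returns `"unsupported"` and is not looked up again until the negative TTL expires.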