John Levine criticized the first version of RMX, saying that major
domains like Yahoo would never be able to fit all their networks into
512 bytes. Indeed, pobox.com is hardly a huge ISP, and our MX servers
span seven or eight distinct networks.
The issue is one of complexity: do we put that complexity in every client
that looks up the information, or do we put it into the tools to publish and
distribute this information?
Not of complexity -- one of function.
Many DNS implementations are broken and won't fall back to TCP
properly. Therefore any response over 512 bytes may fail.
Better from a complexity point of view to have a two or three part
query:
--> TXT domain.com
<-- v=spf1 mx
--> MX domain.com
<-- MX 10 foo.domain.com
<-- MX 20 bar.otherdomain.com
<-- A foo.domain.com 127.0.0.1
--> A bar.otherdomain.com
<-- A bar.otherdomain.com 0.0.0.0
If all of your MXes are in your domain, the addresses can be returned as
additional data. If they're not, or there's not enough room (i.e. Yahoo),
then there are well-defined steps to query it, already implemented in
resolver libraries.
No such code exists to work around broken UDP-only DNS.
Ari
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.txt
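The two or three part query from the message above, as an added example that is not part of the original post or of any SPF implementation. StubResolver, ZONE and mx_mechanism_matches are hypothetical names, the zone is constructed from the records in the exchange, and only a bare "mx" mechanism is handled.

```python
# Constructed zone data modelled on the exchange in the message; not real DNS.
ZONE = {
    ("TXT", "domain.com"): ["v=spf1 mx"],
    ("MX", "domain.com"): [(10, "foo.domain.com"), (20, "bar.otherdomain.com")],
    ("A", "foo.domain.com"): ["127.0.0.1"],
    ("A", "bar.otherdomain.com"): ["0.0.0.0"],
}

class StubResolver:
    """Answers from a dict. For MX queries it attaches A records of in-domain
    hosts as additional data (assumption: out-of-domain hosts get none)."""
    def __init__(self, zone):
        self.zone = zone
        self.log = []  # every (qtype, name) query that was sent

    def query(self, qtype, name):
        self.log.append((qtype, name))
        answers = self.zone.get((qtype, name), [])
        additional = {}
        if qtype == "MX":
            for _pref, host in answers:
                if host.endswith("." + name) and ("A", host) in self.zone:
                    additional[host] = self.zone[("A", host)]
        return answers, additional

def mx_mechanism_matches(resolver, domain, client_ip):
    """True if the domain publishes 'v=spf1 ... mx ...' and client_ip is an
    address of one of its MX hosts. Each answer is a small, separate lookup."""
    txt, _ = resolver.query("TXT", domain)
    record = next((t for t in txt if t.split()[:1] == ["v=spf1"]), None)
    if record is None or "mx" not in record.split()[1:]:
        return False
    mxes, additional = resolver.query("MX", domain)
    for _pref, host in sorted(mxes):  # lowest preference value first
        addrs = additional.get(host)
        if addrs is None:  # not in additional data: ask for it explicitly
            addrs, _ = resolver.query("A", host)
        if client_ip in addrs:
            return True
    return False
```

The resolver's log shows the cost: two queries when the matching MX is in the domain, three when the out-of-domain MX has to be looked up.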