Okay, so let's allow %{t} only in expanding exp TXT RRs, and disallow it
in all mechanisms and modifiers.
'v=spf1 exp=exp.example.com' <<= %{t} not allowed here or in any mechan
exp.example.com IN TXT "Bummer %{t}" <<= %{t} allowed here.
Then there never will be %{t}-generated entries in any DNS cache.
Cheers!
In <20031218194704(_dot_)GK31242(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:
| >> In <3FE1C7BD(_dot_)9040204(_at_)foster(_dot_)cc> Mark Foster <mark(_at_)foster(_dot_)cc> writes:
| >>
| >>> Wouldn't doing away with the macro-char t (also) greatly reduce the
| >>> ddos risk?
| >>> What is t needed for, anyway?
it's more for the exp url.
I guess if the %t macro was restricted to the exp message, I wouldn't
have a problem. Even then, other timestamps are likely to be more
appropriate.
The %t macro is just far more expensive than people might realize,
with a lot of the expense coming in the form of bloated DNS caches on
third party machines. If the expense only was felt by the
domain name owner who used the %t macro, that would be one thing, but
it isn't.
-wayne
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to http://v2.listbox.com/member/
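Added example, not part of the original thread or of any SPF implementation: a Python sketch of the restriction proposed above (reject %{t} in every mechanism and modifier, accept it only in the exp TXT text), together with a count of the distinct DNS names a %{t} domain-spec would generate. The function names, the example.com records and the timestamps are constructed for illustration.

```python
import re

# "%%", "%_" and "%-" are literal escapes; "%{x...}" is a macro expansion.
MACRO = re.compile(r"%(?:[%_-]|\{([A-Za-z])[0-9]*r?[.\-+,/_=]*\})")


def macro_letters(text):
    """Macro letters expanded in text, lowercased; escapes such as %% are skipped."""
    return [m.group(1).lower() for m in MACRO.finditer(text) if m.group(1)]


def terms_using_t(record):
    """Mechanisms and modifiers of an SPF record that expand %{t}."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    return [term for term in terms[1:] if "t" in macro_letters(term)]


def expand_t(text, now):
    """Expand only %{t} (the current timestamp); other macros are left as they are."""
    def repl(m):
        if m.group(1) and m.group(1).lower() == "t":
            return str(now)
        return m.group(0)
    return MACRO.sub(repl, text)


def distinct_query_names(domain_spec, check_times):
    """DNS names a resolver would have to cache for checks made at these times."""
    return {expand_t(domain_spec, t) for t in check_times}


# Constructed sample data (names and timestamps are illustrative).
ALLOWED = "v=spf1 mx exp=exp.example.com -all"
REJECTED = "v=spf1 exists:%{t}.%{i}.rbl.example.com exp=%{t}.exp.example.com -all"
ESCAPED = "v=spf1 exists:%%{t}.example.com -all"   # literal "%{t}", not a macro
CHECKS = range(1071776824, 1071776824 + 60)        # one check per second, one minute

if __name__ == "__main__":
    print(terms_using_t(ALLOWED))
    print(terms_using_t(REJECTED))
    print(len(distinct_query_names("%{t}.rbl.example.com", CHECKS)))
    print(expand_t("Bummer %{t}", 1071776824))     # exp text: expansion is allowed
```

The explanation text is expanded locally after the TXT record is fetched, so only the fixed name exp.example.com is ever queried, while each second of checks against a %{t} domain-spec adds a new name to every resolver cache along the path.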