spf-discuss

Re: DDoS attacks via SPF

2003-12-18 20:03:31
On Thu, Dec 18, 2003 at 03:21:55PM -0800, Greg Connor wrote:
| >
| >Proposed change to the RFC text:
| >
| >  An SPF query may trigger subqueries due to includes and redirects.  If
| >  more than a total of 20 subqueries are triggered, an SPF client MAY
| >  abort the lookup and return an unknown result.
| >
| >  Regular lookups such as A and MX queries do not count toward this total.
| 
| I like this.  In this context does "subqueries" mean "exists-mechanism 
| queries"?  What other queries are there (A, MX, PTR, TXT for include:)?
| 

No, only include and require, which trigger a new TXT lookup for new SPF 
directives.

The aim is to defend against a buffer attack, and to limit resources to
sane values.  I don't want the latest sendmail exploit to be SPF's fault
--- imagine a bad guy setting up include:aaaa include:aaab include:aaac
ad infinitum.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt


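The subquery cap discussed in the message above, as an added example that is not code from the SPF project or from either poster: a toy SPF evaluator in which only include: and redirect= draw on a per-evaluation budget of 20, and exceeding it aborts with "unknown", the wording of the proposed RFC text. The DNS is a constructed in-memory dict so the block runs offline; "evil.example" and the a0000.example ... chain are stand-ins for the "include:aaaa include:aaab ..." record the post describes. The a, mx and ptr mechanisms are omitted here; per the proposal they would not count toward the total anyway.

```python
import ipaddress

MAX_SUBQUERIES = 20  # cap proposed in the post; only include/redirect count

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed stand-in for DNS TXT records (not real domains or records).
FAKE_DNS = {
    "good.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "deleg.example": "v=spf1 redirect=good.example",
    # The attack from the post: a record that includes a run of domains,
    # each of which includes the next, with no terminating rule.
    "evil.example": "v=spf1 " + " ".join(f"include:a{i:04d}.example"
                                          for i in range(40)),
}
for i in range(40):
    FAKE_DNS[f"a{i:04d}.example"] = f"v=spf1 include:a{i + 1:04d}.example"


class SubqueryLimitExceeded(Exception):
    pass


class Budget:
    """Counts include/redirect subqueries across one whole evaluation."""

    def __init__(self, limit=MAX_SUBQUERIES):
        self.limit, self.used = limit, 0

    def spend(self):
        self.used += 1
        if self.used > self.limit:
            raise SubqueryLimitExceeded(self.used)


def _evaluate(ip, domain, dns, budget):
    record = dns.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIER:
            qual, term = term[0], term[1:]
        if term == "all":
            return QUALIFIER[qual]
        if term.startswith("ip4:"):
            net = ipaddress.ip_network(term[4:], strict=False)
            if ipaddress.ip_address(ip) in net:
                return QUALIFIER[qual]
        elif term.startswith("include:"):
            budget.spend()  # a new TXT lookup for SPF directives: counts
            if _evaluate(ip, term[8:], dns, budget) == "pass":
                return QUALIFIER[qual]
        elif term.startswith("redirect="):
            budget.spend()  # likewise counts toward the 20
            return _evaluate(ip, term[9:], dns, budget)
        # a / mx / ptr: not modelled here; they would not count anyway
    return "neutral"


def check_host(ip, domain, dns=FAKE_DNS):
    """Return (result, subqueries_triggered); "unknown" once the cap is hit."""
    budget = Budget()
    try:
        return _evaluate(ip, domain, dns, budget), budget.used
    except SubqueryLimitExceeded:
        return "unknown", budget.used


if __name__ == "__main__":
    for dom in ("good.example", "deleg.example", "evil.example"):
        print(dom, check_host("192.0.2.7", dom))
```

Against evil.example the evaluator descends the include chain, triggers its 21st subquery at a0019.example and stops, having issued 21 TXT lookups instead of following the chain to its end; a legitimate redirect= costs exactly one.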