
Re: Arguments regarding "complexity"

2003-12-20 07:39:34
----- Original Message ----- 
From: "Greg Connor" <gconnor@nekodojo.org>
To: <spf-discuss@v2.listbox.com>
Sent: Friday, December 19, 2003 8:19 PM
Subject: [spf-discuss] Arguments regarding "complexity"


Regarding complaints that SPF is "too complex" ...  I wonder if it would
help or hurt the cause to have some recommendations for a "minimal"
implementation of SPF.  This might address concerns such as Eric Allman's
"must be doable in rules"...

Something like: "If the receiving mail system does not support certain
mechanisms, such as exists, include, redirect, or anything containing
macro expansions, the result should be 'unknown' and processing
should stop."

A "minimal" implementation of SPF, callable from a sendmail rule, would
require an equal amount of sendmail complexity to determine which mechanisms
are too complex to handle. :)

The problem with sendmail rules is that they easily allow for DNSBL-style
lookups, like 4.3.2.1.lookup.domain, but not much beyond that. So, Philip's
suggestion to make a mini DNS server (based on Net::DNS::Nameserver?), as an
additional sendmail tool, that can handle a compound query like this,

1.2.3.4.philip@altavista.com.HELO@foo.bar.lookup.spf.gladstonefamily.net

would actually be ideal for use within a sendmail rule. In a real sendmail
rule, it might take a similar shape:

R$-.$-.$-.$-    $: $(host $4.$3.$2.$1.$f.HELO.$s._spf.domain.name. $:OK $)

Mind you, this does not break SPF at all, nor even change it one iota.

Queries of this type would be done against port 53 too, of course. In BIND,
queries to our special _spf zone can easily be forwarded to our
dedicated DNS tool:

zone "_spf.domain.name" IN {
    type forward;
    forward only;
    forwarders {
        127.0.0.4;
    };
};

Where our own DNS server is awaiting queries on 127.0.0.4 (or wherever you
want, of course).

- Mark

        System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
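As an added example (not Mark's or Greg's code, and not part of the SPF draft): the query decoding and the "minimal" ip4/all-only evaluation that such a dedicated DNS tool would perform for a lookup of the shape shown above, written in Python rather than on Net::DNS::Nameserver. The zone name follows the BIND forward zone in the post; the DNSBL-style result codes are a convention made up for this example, and the UDP socket handling of the server itself is left out.

```python
import ipaddress

# Assumed: zone taken from the BIND forward zone in the post; the DNSBL-style result codes are a made-up convention.
ZONE = "_spf.domain.name".split(".")
RESULT_CODES = {"pass": "127.0.0.2", "fail": "127.0.0.3", "softfail": "127.0.0.4",
                "neutral": "127.0.0.5", "unknown": "127.0.0.6"}
QUAL = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def decode_query(qname):
    """Decode '<o4>.<o3>.<o2>.<o1>.<sender>.HELO.<helo>.<zone>' into (ip, sender, helo); None if malformed."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < len(ZONE) + 7 or labels[-len(ZONE):] != ZONE:
        return None
    octets, rest = labels[:4], labels[4:-len(ZONE)]
    at = next((i for i, l in enumerate(rest) if "@" in l), -1)
    # Separator: first 'helo' label after the '@'. The encoding is ambiguous
    # when the sender's own domain contains a 'helo' label; no parser can tell.
    sep = next((i for i in range(at + 1, len(rest)) if rest[i] == "helo"), -1)
    if at < 0 or sep < 0 or sep == len(rest) - 1 or \
            any(not o.isdigit() or int(o) > 255 for o in octets):
        return None
    return ".".join(reversed(octets)), ".".join(rest[:sep]), ".".join(rest[sep + 1:])

def minimal_spf(record, client_ip):
    """Evaluate only ip4 and all; anything else (a, mx, include, exists,
    redirect=, macros) gives 'unknown' and stops processing."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "unknown"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in QUAL else ("+", term)
        mech = mech.lower()
        if mech == "all":
            return QUAL[qual]
        if not mech.startswith("ip4:"):
            return "unknown"
        try:
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return QUAL[qual]
        except ValueError:
            return "unknown"
    return "neutral"  # record exhausted without a match and without 'all'

def answer(qname, records):
    """A record for qname, or None (NXDOMAIN; the rule's '$: OK' default then accepts)."""
    parsed = decode_query(qname)
    record = parsed and records.get(parsed[1].split("@", 1)[1])
    return RESULT_CODES[minimal_spf(record, parsed[0])] if record else None
```

The `records` dict stands in for the TXT lookups a real tool would make; a query that does not fit the scheme, or a sender domain without a record, gets NXDOMAIN rather than a guessed result.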

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt