Quoting Hallam-Baker, Phillip (pbaker(_at_)verisign(_dot_)com):
[big snip]
> Option C
> A third option is to re-use the existing mechanism defined by the SRV
> record. Essentially you use a DNS name that is not a legal domain name to
> use as a selector for the item you want to retrieve. This scheme is I
> believe completely compatible with the existing DNS infrastructure since
> even though underscore is not a legitimate DNS character, it is
> potentially a legitimate character in Hesiod, Chaos or any of the other name
> spaces the DNS might be asked to support.
> _spf.aol.com. 255 IN TXT "ip4:152.163.225.0/24
> ip4:205.188.139.0/24 ip4:205.188.144.0/24 ip4:205.188.156.0/24
> ip4:205.188.157.0/24 ip4:205.188.159.0/24 ip4:64.12.136.0/24
> ip4:64.12.137.0/24 ip4:64.12.138.0/24 ptr:mx.aol.com -all"
> The nice thing about this scheme is that it meets ALL the requirements
> 1,2,3,4,5,6 and looks pretty good on 7.
I am all in favor of using _spf rather than a txt record at the
domain level for all the reasons Phill has outlined. I understand
that not all DNS implementations support an '_' in the label but
bind does and probably a lot of others do too. Why not support
both with a very strong emphasis on using _spf if the DNS implementation
for the domain allows it? Query for _spf.current_domain first and
if no result query current domain.
It would be very helpful to have some data on how many domains
cannot publish with the _spf label.
John Capo
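
The lookup order proposed in this message (`_spf.<domain>` first, then the domain itself), as an added Python sketch that is not part of the original post or of any SPF implementation. Assumptions: the zone data is constructed, records at the domain itself are recognised by a `v=spf1` tag, the result names are illustrative, and only `ip4:` and `-all` terms are evaluated. It also covers the case where the first lookup fails rather than returning no record.

```python
import ipaddress

class TempFail(Exception):
    """Lookup did not complete (timeout, SERVFAIL); the answer is unknown."""

# Constructed TXT data standing in for DNS; every name and range is made up.
ZONE = {
    "_spf.example.com": ["ip4:192.0.2.0/24 ip4:198.51.100.0/24 -all"],
    "example.org": ["unrelated text", "v=spf1 ip4:203.0.113.0/24 -all"],
    "_spf.flaky.example": TempFail,
    "flaky.example": ["v=spf1 ip4:192.0.2.0/24 -all"],
}

def resolve(name):
    """Return the TXT strings for name, [] if none exist, or raise TempFail."""
    value = ZONE.get(name.lower().rstrip("."), [])
    if value is TempFail:
        raise TempFail(name)
    return value

def find_policy(domain):
    """Query _spf.<domain> first, then the domain itself; return the terms."""
    records = resolve("_spf." + domain)  # TempFail propagates: no fallback
    if records:
        return records[0].split()
    # At the domain itself other TXT data may be present, so require a tag.
    for txt in resolve(domain):
        if txt.lower().startswith("v=spf1 "):
            return txt.split()[1:]
    return None

def check(ip, domain):
    """Evaluate ip4: terms and a closing -all; other mechanisms are skipped."""
    try:
        terms = find_policy(domain)
    except TempFail:
        return "temperror"  # do not treat a failed lookup as "no _spf record"
    if terms is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms:
        if term.startswith("ip4:") and addr in ipaddress.ip_network(term[4:]):
            return "pass"
        if term == "-all":
            return "fail"
    return "neutral"
```

Falling back only on a definite empty answer keeps a transient failure on the `_spf` name from silently switching the check to a different record.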
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt