spf-discuss

Re: Underscores - refresh my memory...

2004-01-16 10:21:58
On Fri, Jan 16, 2004 at 07:27:41AM -0800, Brian Hatch wrote:

| 
| 
| > I used zoneedit.com and they will not support the "_". That last 
| > comment I got is that the "_" is not a legal character so they will not 
| > support it. If someone can prove to them that it is legal they "may". 
| > BTW, I think the blocking is in their web interface not the DNS server.
| 
| Just out of curiosity, since when have underscores become valid again?
| 
| Or are they merely invalid for hostnames, but not for other records?

Underscores are not valid as hostnames, but they are valid as labels in the
domain name system protocol.  So you should be able to use them, but they
would not be valid hostnames for that use.  That seems fine for SPF since
this isn't a host, but a specific control label.  One trouble is that many
systems, including possibly domain name server software, but more likely
registrar and other control panel systems, may be excluding characters not
valid for hostnames, and worse, may be using them in special ways to tag or
tuple their internal data strings.  For example, I append "_" followed by
a code number, on the end of filenames where I store log entries of spam
being blocked.  I store those log entries by a number of criteria, including
the rDNS of the SMTP peer (if it was known), the recipient email address,
and the likely forged sender email address.  Fortunately, that use won't
break anything since it is always at the end, and if a "_" were to appear
in the name for some reason (goofy sender forging, or rDNS spoofing), it
won't actually interfere with how I use it.  But I cannot say if others have
done things in unbreakable ways.

One character I know I will have some trouble with is "/".  That is because
a new DNS server program I am designing will (by default) check domain names
being queried by opening the full queried name in a configured directory to
see if answers and/or policy is described there.  It will also have trouble
with the "\0" character, and I think even that works with DNS (since DNS
uses a 6 bit length prefix for each label, instead of zero termination).
Of course I can get around the "/" trouble by translating it to "%2F" or
some such thing.  But then that makes it possible to have a full domain name
that would be at the DNS limit of 255 characters exceed my filesystem name
length limit of 255 characters.

If you limit character codes to 0x21 through 0x2e and 0x30 through 0x7e,
then I will be happy.

-- 
-----------------------------------------------------------------------------
| Phil Howard KA9WGN       | http://linuxhomepage.com/      http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/   http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
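The hostname/label distinction and the filename-mapping problem from the message above, as an added example that is not part of the original post or of the DNS server it mentions. The function names, the choice to escape "%" and "." inside a label, and the sample labels are assumptions made here; the 255-character filesystem limit is the one given in the message.

```python
import re

NAME_MAX = 255  # filesystem name length limit, as stated in the message
HOSTNAME_LABEL = re.compile(rb"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

def is_dns_label(label):
    """The DNS protocol constrains only the length of a label, not its octets."""
    return 1 <= len(label) <= 63

def is_hostname_label(label):
    """Hostname rule: letters, digits, hyphen; no leading or trailing hyphen."""
    return HOSTNAME_LABEL.fullmatch(label) is not None

def in_preferred_range(label):
    """The range asked for in the message: 0x21-0x2e and 0x30-0x7e."""
    return all(0x21 <= b <= 0x2e or 0x30 <= b <= 0x7e for b in label)

def encode_label(label):
    """Percent-encode every octet that is unsafe inside one file name."""
    out = []
    for b in label:
        # "%" and "." are escaped too, so the mapping stays reversible
        if in_preferred_range(bytes([b])) and b not in b"%.":
            out.append(chr(b))
        else:
            out.append("%%%02X" % b)
    return "".join(out)

def name_to_filename(labels):
    """Map a queried name (list of label byte strings) to a single file name."""
    if not labels or not all(is_dns_label(l) for l in labels):
        raise ValueError("not a valid DNS name")
    # wire length: one length octet per label plus the root label
    if sum(len(l) + 1 for l in labels) + 1 > 255:
        raise ValueError("exceeds DNS name limit")
    filename = ".".join(encode_label(l) for l in labels)
    if len(filename) > NAME_MAX:
        raise ValueError("encoded name exceeds filesystem limit")
    return filename

if __name__ == "__main__":
    # Constructed sample names, not taken from the thread
    print(name_to_filename([b"_example", b"a/b", b"test"]))
    print(name_to_filename([b"a\x00b", b"test"]))
```

Because empty labels are rejected and "/" and "." inside a label are always escaped, the result can never be `..` or contain a path separator.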

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt

