In <5D2A48CAB588334D988A9407DDE02F09033EDBB7(_at_)mailserver(_dot_)gfimalta(_dot_)com> "Stefan Engelbert" <stefan(_at_)gfi(_dot_)com> writes:

> Why is publishing sticking so strictly to DNS? If HTTP publishing were
> allowed as well, lots of low-cost domain owners would be able to
> publish their records.

There are quite a few reasons to restrict the SPF record publication
to DNS:
* DNS is *FAR* cheaper to check than things like HTTP. I'm guessing a
factor of 10 or so in terms of both bandwidth and time.
* SPF records are closely related to the mail server addresses. Mail
server addresses are recorded in the DNS, so it makes sense to have
SPF records in the same location. It is more likely to be
maintained that way.
* Software to fetch DNS records is pretty common in most languages and
any SPF implementation needs to do general DNS lookups anyway.
Software to fetch stuff via HTTP or FTP is less common and tends to
be far more bulky, with features that are not at all needed for what
SPF needs.
* Being able to add stuff to a domain's zone file is generally more
tightly controlled and more secure than access to their website.
Therefore, you can be more certain that the SPF records you receive
from DNS reflect the domain owner's wishes.
The last two items are fairly weak reasons, but the first one is
pretty critical.
-wayne
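
Added example, not part of the original message or of any SPF implementation: a Python encoder and parser for the DNS side of the first and third points above, building a TXT query (the record type SPF policies are published in) and extracting the v=spf1 record from a reply. The name example.com, the policy string and the reply bytes are constructed samples; the parser assumes a well-formed, untruncated message.

```python
import struct

def encode_name(name):
    """Encode a domain name as DNS labels (length-prefixed, zero-terminated)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_txt_query(name, query_id=0x1234):
    """Build a DNS query for TXT records (type 16, class IN), recursion desired."""
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 16, 1)

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:      # a compression pointer is 2 bytes and ends the name
            return pos + 2
        pos += 1 + length

def parse_spf(msg):
    """Return the first TXT answer that is an SPF record, or None."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qdcount):           # skip each question: name + type + class
        pos = skip_name(msg, pos) + 4
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        rdata = msg[pos + 10:pos + 10 + rdlen]
        pos += 10 + rdlen
        if rtype == 16:                # TXT rdata is a run of length-prefixed strings
            text, i = b"", 0
            while i < len(rdata):
                text += rdata[i + 1:i + 1 + rdata[i]]
                i += 1 + rdata[i]
            if text == b"v=spf1" or text.startswith(b"v=spf1 "):
                return text.decode("ascii")
    return None

def constructed_response(query, record):
    """Constructed sample reply (not captured traffic): the question plus one TXT answer."""
    rdata = bytes([len(record)]) + record.encode("ascii")
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 3600, len(rdata)) + rdata
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    return header + query[12:] + answer
```

With the constructed sample policy "v=spf1 mx -all" for example.com, the query is 29 bytes and the reply 56 bytes, each a single UDP datagram.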