I assume that you would like, that the SPF specification is extended with:
"If DNS lookup fails, try to look up http://domainname/spf.txt"
In many cases, this will give a timeout, because http://domainname/ doesn't
exist. If your mailserver receives a million smtp requests a day, you would
have to make a million http lookups a day, which means that you might have to
buy more servers to handle the load. Also, you would get many complaints from
people that you are hitting their webserver with a lot of requests, because
somebody else is abusing their e-mail address. Basically you would get
complaints because you implemented SPF. A denial of service attack on a
webserver would also get easier: Write a virus where the sender address is
always using the same domain name... This would make mailservers all over the
world trash the webserver.
A lot of people that I know, responsible for big e-mail systems, would not put
SPF filtering into their systems, if it contained http lookups on people's
webservers. This means that putting http into SPF slows down adoption, and we
wouldn't like that, would we?
So basically, http is not going into SPF because we don't want it there for a
billion reasons.
Lars.
-----Oprindelig meddelelse-----
Fra: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com på vegne af Stefan
Engelbert
Sendt: to 15-04-2004 14:25
Til: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Emne: RE: [spf-discuss] Publishing of SPF Records
But why would it kill SPF? If I own domain abc.com I will be the only one who
can create http://abc.com/spf.txt
so how can somebody else provide SPF functionallity to my abc.com domain?