spf-discuss

Re: Publishing of SPF Records

2004-04-15 07:16:58
In <5D2A48CAB588334D988A9407DDE02F09034177C1(_at_)mailserver(_dot_)gfimalta(_dot_)com> "Stefan Engelbert" <stefan(_at_)gfi(_dot_)com> writes:

No they wouldn't; you fail to see a key problem here. Any 
domain that didn't implement DNS-SPF would then be hit for 
HTTP-SPF requests. 
Effectively you make DNS-SPF compulsory for anyone not 
wishing to suffer the HTTP penalty.


;-) - and they would hurry up to implement DNS access for their
customers....

Creating a nuisance (and possibly something close to a DoS attack) is
not a good way to win friends.


In my personal case you'd need over 12 web 
servers in place of 2 DNS servers (of which I'd only need to 
reconfigure the master one for any changes).


NO, you wouldn't, since you have DNS and so do not need the web server anymore.
http was meant to be a fallback mechanism in case no dns txt record
exists.

At this time, the vast majority of domains do not have SPF records.
Therefore, falling back to HTTP would mean almost every SPF check
would require an HTTP request.



This was all considered and discussed several times since last
summer.  The cost of requiring HTTP checks was considered the key
problem, but there are many other reasons that have been repeated.

Since then, SPF has become popular enough that several DNS providers
have changed their system to provide TXT records for just that reason.
Therefore, I think the argument that there should be a fall-back to
some other protocol because not everyone can modify their DNS records
is weaker now than it was 6 months ago.



I think it would be far more productive to identify the DNS providers
that don't allow the creation of TXT records and try to work with
them to get them to support TXT RRs.  Could you provide some
examples of who doesn't allow TXT records?


Lastly, Stefan, I hope you don't feel like you are getting beat up by
everyone's replies or that we haven't taken the idea seriously.  It is
just that since many of us *have* seriously considered the idea
several times, we are pretty quick with listing the problems.


-wayne