On Thu, Apr 15, 2004 at 03:53:27PM +0200, Stefan Engelbert wrote:
No, not really. HTTP is a kind of fallback. Same as some implementation
use CallerID as a fall back....
Ok, i see your point now. A fall back. Then this is a fallback for the uncommon
cases where one can not publish spf records, and added to that it would be very
uncommon for most mx servers to even check the fallback option. Is it then
worth the trouble (as pointed out, with the dos attacks) to include it?
Wouldn't it be better to put this energy into getting TXT records ubiquitous.
Setting aside all other things, don't you agree that technically DNS is
preferred over http for spf??
People which are able to change their txt records like u dont need to publish
http.
Byt the would need to check http spf records!
Furthermore I agree fully with all the points made so far.
Although you can extend your counterargument that 'this is
all true for dns too' to a certain degree, the plain fact
that http uses much more resources (connection state
handling, bandwidth, parsing,
parsing? the content of the spf.txt is the same content as u get from the
dns. so
where is the difference in parsing?
Ok, take parsing of the list.. Still.. connection state handling, bandwidth..
Koen