spf-discuss

Re: Draft - DNS Naming Convention for Outbound Internet Email Servers

2004-04-20 04:42:25
Spf Pobox wrote:
I've checked carefully, and looks like no one else has posted this here

Another anti-spoof RFC proposal

http://serverauthority.net/draft-lorenzen-marid-mxout-00.txt

BTW I'm not that keen on it at first sight, but need more time to fully consider before being more detailed.

It appears to me that this proposal requires a PTR record pointing to something.mxout.example.com for each mail server authorised to send mail for example.com. Suppose though that a mail server is an authorised server for many domains, such as an ISP smarthost that is authorised to send for all of the ISP's customers' domains. That would require multiple (possibly thousands of) PTR records for that mail server, e.g.

PTR mx1.mxout.customer1.com.
PTR mx1.mxout.customer2.com.
PTR mx1.mxout.customer3.com.
PTR mx1.mxout.customer4.com.
PTR mx1.mxout.customer5.com.
...
PTR mx1.mxout.customern.com.

Whilst this may be "legal", it certainly isn't desirable. This also requires anyone checking for .mxout. conformance to grab *all* PTR records for an IP and potentially have to check every single one of them until it finds a match, which would be a lot of work and would require a lot of (TCP) bandwidth. Much existing PTR-checking code will return only the first PTR record found, and would probably need fixing.

Perhaps I've missed something?

Paul.
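
The checking cost described in the message above, as an added example that is not part of the original post or of the draft: it compares a first-PTR-only check with a full scan of the PTR RRset and estimates the response size against the classic 512-byte DNS UDP limit (no EDNS0), beyond which a resolver retries over TCP. The `<host>.mxout.<domain>` matching rule is an assumption taken from the message's description, and the IP, record set and function names are constructed for illustration.

```python
# Added illustration; the matching rule is an assumption based on the
# message's description (<host>.mxout.<domain>), not on the draft's text.

def labels(name):
    """Split a DNS name into lowercase labels, ignoring the trailing dot."""
    return name.rstrip(".").lower().split(".")

def matches_mxout(ptr_name, sender_domain):
    """True if ptr_name has the form <host>.mxout.<sender_domain>."""
    ptr, dom = labels(ptr_name), labels(sender_domain)
    return len(ptr) == len(dom) + 2 and ptr[1] == "mxout" and ptr[2:] == dom

def check_first_only(ptr_names, sender_domain):
    """Behaviour of code that looks at just the first PTR returned."""
    return bool(ptr_names) and matches_mxout(ptr_names[0], sender_domain)

def check_all(ptr_names, sender_domain):
    """Scan the whole PTR RRset; return (matched, records_examined)."""
    for examined, name in enumerate(ptr_names, start=1):
        if matches_mxout(name, sender_domain):
            return True, examined
    return False, len(ptr_names)

def rrset_wire_size(ptr_names, qname):
    """Rough DNS response size in bytes: 12-byte header, the question, and
    one PTR RR per name. Owner names use a 2-byte compression pointer;
    target names are counted uncompressed, so this is an upper estimate."""
    def encoded(name):
        return sum(len(label) + 1 for label in labels(name)) + 1
    question = encoded(qname) + 4        # QTYPE + QCLASS
    per_rr_fixed = 2 + 2 + 2 + 4 + 2     # pointer, TYPE, CLASS, TTL, RDLENGTH
    return 12 + question + sum(per_rr_fixed + encoded(n) for n in ptr_names)

# Constructed sample data: one smarthost (documentation address 192.0.2.10)
# carrying a PTR record for each of 40 customer domains.
QNAME = "10.2.0.192.in-addr.arpa."
PTRS = [f"mx1.mxout.customer{i}.com." for i in range(1, 41)]

if __name__ == "__main__":
    print("first-only, customer1: ", check_first_only(PTRS, "customer1.com"))
    print("first-only, customer37:", check_first_only(PTRS, "customer37.com"))
    print("full scan,  customer37:", check_all(PTRS, "customer37.com"))
    print("estimated response:", rrset_wire_size(PTRS, QNAME), "bytes (UDP limit 512)")
```

Name servers may rotate the order of records in an RRset, so which customer a first-only check happens to accept can change from one query to the next.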