Its good that SPF is NOT stored at the _SPF subdomain.
There are lots of hosted DNS outside and they dont support subdomains.
For example I was only able to publish the SPF but NOT able to publish
the CID record for that reason.....
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of
william(at)elan.net
Sent: Friday, May 21, 2004 10:45 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] The New SPF: overall outline
On Fri, 21 May 2004, Roger Moser wrote:
Michael r. Brumm wrote:
There are good reasons that SPF, Caller-ID, and DomainKeys ALL
currently use TXT records.
But Caller-ID and DomainKeys store the TXT record at the
subdomain _ep
and _domainkeys respectively. Whereas the SPF record is mixed with
other TXT records.
What was to reason to not store the SPF record at the _spf
subdomain?
I don't know original reason, but benefit that comes out
putting record directly at domain level is ability to setup
wildcard records that apply to all subdomains as well. But
this comes out of price that we overload TXT record that may
possibly be used for some other reason then SPF (in fact
multiple TXT records maybe received so DNS response may
exceed 512 bytes even if each SPF record was quite small).
That is why it would be better to use seprately assigned dns
type (which Microsoft is opposed because windows can't be
quickly upgraded to support it).
The benefit that comes out of putting record in the specially
named subdomain is that we know for certain such subdomain
TXT record would be for SPF use. But this comes out of price
that wildcards can not ever be supported (which has already
been seen as a problem with SRV records which used this
approach and now number of usefull things that could be done
with them is not possible).
My personal opinion is that we need separate types assigned
for SPFID and one for Domainkeys (more general type to be
used to store certificates).
With domainkeys I'll be in contact with Yahoo to see if they
agree to support applying for new record type - but it can be
noted that for domainkeys its less of a problem since
wildcards are not needed for their records since exact
certificate location is specified in the header.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
-------
Sender Policy Framework: http://spf.pobox.com/ Archives at
http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/spf-draft-200405.txt
Wiki:
http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily
deactivate your subscription, please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
This mail was checked for malicious code and viruses
by GFI MailSecurity. GFI MailSecurity provides email content
checking, exploit detection, threats analysis and anti-virus for
Exchange & SMTP servers. Viruses, Trojans, dangerous
attachments and offensive content are removed automatically.
Key features include: multiple virus engines; email content and
attachment checking; an exploit shield; an HTML threats engine;
a Trojan & Executable Scanner; and more.
In addition to GFI MailSecurity, GFI also produces the
GFI MailEssentials anti-spam software, the GFI FAXmaker
fax server & GFI LANguard network security product ranges.
For more information on our products, please visit
http://www.gfi.com. This disclaimer was sent by
GFI MailEssentials for Exchange/SMTP.