spf-discuss

Re: The New SPF: overall outline

2004-05-21 01:45:21

On Fri, 21 May 2004, Roger Moser wrote:

Michael R. Brumm wrote:

There are good reasons that SPF, Caller-ID, and DomainKeys ALL currently
use TXT records.

But Caller-ID and DomainKeys store the TXT record at the subdomain _ep and
_domainkeys respectively. Whereas the SPF record is mixed with other TXT
records.

What was the reason to not store the SPF record at the _spf subdomain?

I don't know the original reason, but the benefit that comes from putting the
record directly at the domain level is the ability to set up wildcard records
that apply to all subdomains as well. But this comes at the price that we
overload the TXT record, which may possibly be used for some reason other than
SPF (in fact multiple TXT records may be received, so the DNS response may
exceed 512 bytes even if each SPF record was quite small). That is why it would
be better to use a separately assigned DNS type (which Microsoft is opposed to
because Windows can't be quickly upgraded to support it).

The benefit that comes from putting the record in the specially named
subdomain is that we know for certain that such a subdomain TXT record would
be for SPF use. But this comes at the price that wildcards cannot ever
be supported (which has already been seen as a problem with SRV records,
which used this approach, and now a number of useful things that could be
done with them are not possible).

My personal opinion is that we need separate types assigned for SPFID
and one for DomainKeys (a more general type to be used to store certificates).
With DomainKeys I'll be in contact with Yahoo to see if they agree to
support applying for a new record type - but it can be noted that for
DomainKeys it's less of a problem, since wildcards are not needed for their
records since the exact certificate location is specified in the header.

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
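
The wildcard trade-off discussed in this message, as an added example that is not part of the original post: a simplified model of RFC 4592 wildcard synthesis run over two constructed zones, one publishing SPF in TXT at the name itself and one under a `_spf` label. The zone contents, the `example.com` names and all function names are assumptions made for illustration; CNAMEs and delegations are ignored.

```python
# Simplified RFC 4592 wildcard synthesis over constructed zones (no CNAME/NS handling).
APEX_ZONE = {   # policy published directly at each name, plus one wildcard
    "example.com": {"TXT": ["v=spf1 mx -all", "note=unrelated TXT data"]},
    "*.example.com": {"TXT": ["v=spf1 -all"]},
    "mail.example.com": {"A": ["192.0.2.10"]},
}
PREFIX_ZONE = {  # policy published under a hypothetical _spf label
    "example.com": {"A": ["192.0.2.1"]},
    "_spf.example.com": {"TXT": ["v=spf1 mx -all"]},
    "_spf.*.example.com": {"TXT": ["v=spf1 -all"]},  # '*' is not leftmost: not a wildcard
    "mail.example.com": {"A": ["192.0.2.10"]},
}

def exists(name, zone):
    """A name exists if it owns records or has a descendant that does."""
    return any(o == name or o.endswith("." + name) for o in zone)

def answer(owner, rtype, zone):
    rdata = zone.get(owner, {}).get(rtype, [])
    return ("NOERROR" if rdata else "NODATA"), rdata

def lookup(qname, rtype, zone, origin="example.com"):
    """Return (status, rdata) as an authoritative server for `origin` would."""
    qname = qname.lower().rstrip(".")
    if qname != origin and not qname.endswith("." + origin):
        return "REFUSED", []
    if exists(qname, zone):
        return answer(qname, rtype, zone)
    labels = qname.split(".")
    for i in range(1, len(labels)):            # walk up to the closest encloser
        encloser = ".".join(labels[i:])
        if exists(encloser, zone):
            source = "*." + encloser           # only candidate for synthesis
            if exists(source, zone):
                return answer(source, rtype, zone)
            return "NXDOMAIN", []
    return "NXDOMAIN", []

def spf_records(rdata):
    """Pick SPF policies out of a TXT RRset shared with other uses."""
    return [t for t in rdata if t == "v=spf1" or t.startswith("v=spf1 ")]

if __name__ == "__main__":
    for zone, q in [(APEX_ZONE, "example.com"), (APEX_ZONE, "nosuch.example.com"),
                    (PREFIX_ZONE, "_spf.example.com"), (PREFIX_ZONE, "_spf.nosuch.example.com")]:
        status, rdata = lookup(q, "TXT", zone)
        print(q, status, spf_records(rdata))
```

In the apex zone the receiver has to filter the SPF policy out of a shared TXT RRset, but the wildcard answers for undefined subdomains; in the prefix zone the `_spf` answer is unambiguous, but `_spf.*.example.com` is an ordinary name and synthesizes nothing.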