spf-discuss

RE: Using SPF w/o XML

2004-05-26 15:06:25
 
[Phil Howard]
What will be the implications of leaving out 
XML and thus any parts that depend on it?  
Hint: I won't be running on a Microsoft OS.

What does your OS choice have to do with anything? XML is an open,
patent-free standard, and has hundreds (thousands?) of different
implementations on Linux, BSD, etc.

Or are you so afraid of anything having to do with Microsoft that you
won't use XML just because they like it?

Now, if you don't want to use the XML portions of the new SPF that's
your prerogative, but you will eventually be left behind. XML is the de
facto standard data interchange format of the modern internet, and the
whole point of using XML for SPF is so that implementers don't have to
write an SPFv1 parser, they just use whatever XML parser they like. 

XML's verbosity isn't that significant in this case anyway, since DNS
caching requires only one retrieval from each recipient's site per day
(or even less frequently).

Looking at my DNS cache right now, I see the _ep.microsoft.com TXT
record in there. It's 238 bytes (the line breaks are mostly mine):

     <ep xmlns='http://ms.net/1' testing='true'><out><m>
        <mx/><a>213.199.128.160</a><a>213.199.128.145</a><a>207.46.71.29</a>
        <a>194.121.59.20</a><a>157.60.216.10</a><a>131.107.3.116</a>
        <a>131.107.3.117</a><a>131.107.3.100</a>
     </m></out></ep>

They have the TTL set to 1 hour because they're testing, but in
production this could be set to a day or even longer. Sending 238 bytes
per recipient domain per day is not a big deal IMHO. Nor is having an
XML parser installed on the MTA, since so many fast, secure, and free
parsers are available. The set-up and tear-down time for an XML DOM this
small in memory is likely to be just as small as it is for an SPFv1
parser, especially since there are so many well-optimized XML
implementations out there.

Microsoft's Caller-ID record is bigger than most would be, too. My
Caller-ID record would be just 56 bytes:
     <ep xmlns='http://ms.net/1'><out><m><mx/></m></out></ep>

That's only 32 bytes larger than my SPFv1 record. I wish all you
MS-bashers out there would stop arguing about the huge "overhead" of 32
bytes per recipient domain per day. IT JUST DOESN'T MATTER. Using
standard XML is fine, and probably a better idea than having a bunch of
buggy and insecure SPFv1 parsers that were written from scratch.

Regards,
        Ryan
=========================
All problems can be solved by diplomacy, but violence and treachery are
equally effective, and more fun.
      -Anonymous
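
Added example, not part of the original post and not code from any SPF or Caller-ID implementation: reading the `<ep>` records quoted above with a stock XML parser (Python's expat binding) while treating the TXT record as untrusted input. The names `parse_ep_record`, `RecordError` and `MAX_BYTES` are hypothetical, and the meaning given to `testing`, `<mx/>` and `<a>` is inferred only from the two records in the post, not from the Caller-ID specification.

```python
import ipaddress
from xml.parsers import expat

NS = "http://ms.net/1"      # namespace from the records quoted in the post
MAX_BYTES = 2048            # assumed size cap, not from the post

# Constructed: the 56-byte record from the post.
MINIMAL = "<ep xmlns='http://ms.net/1'><out><m><mx/></m></out></ep>"

class RecordError(ValueError):
    """Raised for any record we refuse to interpret."""

def parse_ep_record(txt):
    """Parse a Caller-ID TXT record; return testing flag, mx flag, addresses."""
    if len(txt.encode("utf-8")) > MAX_BYTES:
        raise RecordError("record too large")
    result = {"testing": False, "mx": False, "addrs": []}
    path, text = [], []

    def no_doctype(*_args):
        # The record is sender-controlled DNS data: refuse DTDs outright,
        # which also rules out entity definitions.
        raise RecordError("DOCTYPE not allowed")

    def start(name, attrs):
        ns, _, local = name.rpartition(" ")
        if ns != NS:
            raise RecordError("unexpected namespace")
        path.append(local)
        text.clear()
        if path == ["ep"]:
            result["testing"] = attrs.get("testing") == "true"
        elif path == ["ep", "out", "m", "mx"]:
            result["mx"] = True

    def end(_name):
        if path == ["ep", "out", "m", "a"]:
            try:
                result["addrs"].append(ipaddress.IPv4Address("".join(text).strip()))
            except ValueError as exc:
                raise RecordError("bad address") from exc
        path.pop()

    parser = expat.ParserCreate(namespace_separator=" ")
    parser.StartDoctypeDeclHandler = no_doctype
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = text.append
    try:
        parser.Parse(txt, True)
    except expat.ExpatError as exc:
        raise RecordError("malformed XML") from exc
    return result
```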

