On Tue, 2004-06-01 at 15:46, Stuart D. Gathman wrote:
> There is actually no need for any mechanism other than exists. The other
> mechanisms exist only as an optimization for common checks which can be safely
> performed on the receiving MTA without consulting the sender domain.

This is an excellent way to think of it, and perhaps the SPF website
should present it like this. I think a lot of people think of exists as
being the "hard-way" -- you have to set up a custom DNS server, and all.
If walking people through creating SPF records generated possible exists
directives, and then showed how those can be converted to the
"shorthand" directives that don't require a custom DNS server, this
might help people see the simplicity.

> All sender policies would then be interpreted by the DNS responder using
> whatever syntax or language the sender so desires - be it XML, .NET, VB,
> Python, Java, Scheme, or what have you.

Excellent! This sounds like some DNS hosters might be able to offer
something like this as a premium service. There's nothing saying that
exists needs to check a server that is in the same domain the mail is
coming from (possible DOS here?, but I think this has been brought up
before). I envision this premium service saying something like "Put
this text

    v=spf1 exists:%{s}.%{o}....spfhelper.example.com -all

in your SPF record, then go to http://spfhelper.example.com/ to
configure your domain's settings" or some such. They can write whatever
interface they want to allow people to configure their SPF settings, and
you only need to manipulate the DNS records once.
--
Andy Bakun <spf(_at_)leave-it-to-grace(_dot_)com>
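
The following is an added example, not part of the original message: it shows the receiver-side macro expansion behind `exists` and how an `ip4:192.0.2.0/24` shorthand can be expressed as one `exists` lookup answered by the sender's DNS responder. The `._spf.` label, the `ALLOWED` range and the responder function are constructed for illustration; the expansion rules follow RFC 7208 section 7.

```python
import ipaddress
import re

# Macro letters handled here: s l o d i v h. %{p} and the URL-escaping
# uppercase letters are left unexpanded in this sketch.
MACRO = re.compile(r"%\{([slodivh])(\d*)([rR]?)([.\-+,/_=]*)\}|%([%_\-])")

def expand(spec, ip, sender, helo):
    """Expand SPF macros in a domain-spec (rules from RFC 7208 section 7)."""
    local, _, domain = sender.rpartition("@")
    local = local or "postmaster"
    addr = ipaddress.ip_address(ip)
    # %{i}: dotted quad for IPv4, dot-separated nibbles for IPv6
    i_val = str(addr) if addr.version == 4 else ".".join(addr.exploded.replace(":", ""))
    values = {"s": f"{local}@{domain}", "l": local, "o": domain,
              "d": domain,  # assumption: no include/redirect, so %{d} == %{o}
              "i": i_val, "v": "in-addr" if addr.version == 4 else "ip6",
              "h": helo}

    def repl(m):
        if m.group(5):  # %%, %_ and %- literals
            return {"%": "%", "_": " ", "-": "%20"}[m.group(5)]
        letter, digits, rev, delims = m.groups()[:4]
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter])
        if rev:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]  # keep the right-most N labels
        return ".".join(parts)

    return MACRO.sub(repl, spec)

ALLOWED = ipaddress.ip_network("192.0.2.0/24")  # constructed sender policy

def responder_has_a_record(qname):
    """Stand-in for the sender-side DNS responder: an A record "exists" for
    <ip>._spf.<domain> only when <ip> is inside ALLOWED (hypothetical zone)."""
    ip_part, sep, _ = qname.partition("._spf.")
    try:
        return bool(sep) and ipaddress.ip_address(ip_part) in ALLOWED
    except ValueError:
        return False

def exists_matches(spec, ip, sender, helo, lookup=responder_has_a_record):
    """Receiver side of `exists:<spec>`: expand, then ask whether the name resolves."""
    return lookup(expand(spec, ip, sender, helo))
```

With this responder, `v=spf1 exists:%{i}._spf.%{d} -all` gives the same verdicts as `v=spf1 ip4:192.0.2.0/24 -all`, at the cost of one DNS query per message.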