"Roger Moser" wrote:
Meng Weng Wong wrote:
if we did this, it would be difficult to support wildcard
subdomains.
With
*.example.com TXT "v=spf1 a mx -all"
"dig txt _spf.mx1.example.com" returns "v=spf1 a mx -all".
So what is the problem with wildcards?
Roger, Nice catch.
I really wonder why I was unable to understand this myself :-)
Buggy DNS servers can answer all TXT queries - not only needed SPF.
Even more - currently proposed wildcard workaround:
*.example.com TXT "v=spf1 a mx -all"
will generate a bunch of traffic for wrong queries like a
nslookup -q=any www.example.com
and it will be impossible to distinguish whether the user is really using a
tricky optimised query for SPF to verify email coming from
spammer@www.example.com or simply has a wrong DNS client implementation.
Forcing all SPF queries to use "spf" prefix will solve a lot of problems. In
future all "spf TXT" queries can be directly mapped to new record type
without prefix.
Looking forward to the spec changes,
--
Andriy G. Tereshchenko
TAG Software
Odessa, Ukraine
http://www.24.odessa.ua
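
The wildcard behaviour discussed in this thread, as an added example that is not part of the original posts: a simplified model of wildcard synthesis as specified in RFC 1034 section 4.3.3. It shows the wildcard answering the `_spf.mx1.example.com` TXT query, answering an unrelated ANY query for `www.example.com` with the same SPF string, and no longer applying below a name that exists in the zone. The zone contents, the `mx1` A record (a documentation address) and all function names are constructed for illustration.

```python
"""Simplified model of DNS wildcard synthesis (RFC 1034 section 4.3.3).
All zone data below is constructed for illustration."""

SPF = "v=spf1 a mx -all"
ORIGIN = "example.com"

def make_zone(extra=None):
    # The wildcard record from the thread, plus optional extra records.
    zone = {("*." + ORIGIN, "TXT"): [SPF]}
    zone.update(extra or {})
    return zone

def node_exists(zone, name):
    # A name exists if it owns records or is an ancestor of an owner name.
    return any(o == name or o.endswith("." + name) for o, _ in zone)

def records_at(zone, owner, qtype):
    return [v for (o, t), vals in zone.items()
            if o == owner and qtype in (t, "ANY") for v in vals]

def lookup(zone, qname, qtype):
    """Return (rcode, answers, synthesized_from_wildcard).
    Assumes qname lies inside ORIGIN."""
    qname = qname.lower().rstrip(".")
    if node_exists(zone, qname):
        # Existing names are never covered by a wildcard (possibly NODATA).
        return ("NOERROR", records_at(zone, qname, qtype), False)
    # Closest encloser: the longest existing ancestor of qname.
    labels = qname.split(".")
    encloser = next(c for c in (".".join(labels[i:]) for i in range(1, len(labels)))
                    if c == ORIGIN or node_exists(zone, c))
    source = "*." + encloser
    if not node_exists(zone, source):
        return ("NXDOMAIN", [], False)
    return ("NOERROR", records_at(zone, source, qtype), True)

if __name__ == "__main__":
    bare = make_zone()
    with_mx = make_zone({("mx1." + ORIGIN, "A"): ["192.0.2.25"]})
    for zone, qname, qtype in [(bare, "_spf.mx1.example.com", "TXT"),
                               (bare, "www.example.com", "ANY"),
                               (with_mx, "_spf.mx1.example.com", "TXT")]:
        print(qname, qtype, lookup(zone, qname, qtype))
```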