spf-discuss

Re: Are SPF fault tolerant ? How to make SPF records changed correctly ?

2004-07-12 13:26:21
On Mon, Jul 12, 2004 at 11:06:54PM +0300, Andrew G. Tereschenko wrote:
| Can somebody clarify this situation for me:
| 
| All messages are 550 blocked because of the "-all" SPF rule and an IP
| unknown to our clients.
| 
| Does our new server have to keep retrying all 550 delivery errors?
| How can we separate a valid 550 from an SPF 550? Will searching for the
| "Local Policy" error message be okay (there is nothing about this in the
| "Fail" error)?

Interesting point.  We can talk about allocating a new DSN
codepoint for SPF failures.

| 2. Another situation. We found that the work-load of our current server
| increased (or the pricing at another ISP is better), so we need to move
| to another ISP.
| How much time (based on TTL) will it take to move our server so that it
| sends emails correctly without "550" retries?

If you can plan these things ahead of time, you can arrange
the TTLs to create a seamless transition.

| 3. One more. We do not change ISP, but our ISP is willing to change the IP
| netblock they own OR simply change the IP of our server OR change the IP
| address of the dial-up pool we use to send emails.
| The same question: how do we do this correctly? Do we have to delegate our
| DNS management, in addition to server management, to the ISP?
| Or must we take the burden of such a change on ourselves?

It rather depends on the situation.  If you have enough
warning of what will occur, you can lower TTLs yourself, and
add the new servers to the record ahead of time.

| Are there any recommendations on TTL for SPF records and the
| caching/validation process other than the http://www.ietf.org/rfc/rfc1537.txt
| recommended TTL (downtime) = 1 day?
| Can you document all the required steps for changing SPF record data in the
| situations described above?

The necessary adjustments should be self-evident to any
experienced DNS administrator.

| AFAIK, nothing like this will happen for DomainKeys. Cached DNS values will
| only benefit them; they do not hurt in such situations.

You can set up an analogous situation with "what if an
employee steals the private key and we need to change the
published public key in DNS, what is the best TTL for
employees who steal our private key?"
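As an added illustration of the TTL-staged transition the reply describes (example code written for this archive page, not code from the thread, from the SPF project or from any MTA), the plan below lowers the TTL, waits out the old TTL, adds the new address alongside the old one, cuts sending over, drops the old address, and restores the TTL. The check treats a phase as safe only if every address sending in it passes against both the phase's own record and the previous record, which caches may still serve. The addresses, the TTL values and the minimal ip4-only evaluator are assumptions for the example.

```python
import ipaddress


def spf_record(ips, qualifier="-all"):
    """Build a minimal v=spf1 TXT record from a list of IPv4 addresses/CIDRs."""
    return "v=spf1 " + " ".join(f"ip4:{ip}" for ip in ips) + f" {qualifier}"


def spf_allows(record, sender_ip):
    """Evaluate only the ip4 mechanisms (enough for this example; a real
    checker also handles a, mx, include, redirect and macros).
    True means pass; False means the trailing -all would apply."""
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return True
    return False


def migration_plan(old_ips, new_ips, old_ttl, low_ttl):
    """Phases of an SPF address change as (wait_before_s, ttl, record, sending_from).
    Each wait equals the TTL of the record published in the previous phase, so
    every resolver cache has expired it before the sender relies on the next one.
    Before phase 4 the old server must also have drained its outbound queue."""
    both = old_ips + new_ips
    return [
        (0,       low_ttl, spf_record(old_ips), old_ips),  # 1. lower TTL, same content
        (old_ttl, low_ttl, spf_record(both),    old_ips),  # 2. add new IPs ahead of time
        (low_ttl, low_ttl, spf_record(both),    new_ips),  # 3. cut sending over
        (low_ttl, low_ttl, spf_record(new_ips), new_ips),  # 4. drop the old IPs
        (low_ttl, old_ttl, spf_record(new_ips), new_ips),  # 5. restore the long TTL
    ]


def plan_is_safe(plan, cached_record):
    """cached_record is what resolvers hold before phase 1. A phase is safe when
    each sending IP passes against the phase's record and the previous one."""
    prev = cached_record
    for _, _, record, senders in plan:
        for ip in senders:
            if not (spf_allows(record, ip) and spf_allows(prev, ip)):
                return False
        prev = record
    return True


def total_wait_seconds(plan):
    """Minimum elapsed time from lowering the TTL to restoring it."""
    return sum(wait for wait, _, _, _ in plan)
```

With a one-day TTL lowered to five minutes, the whole move takes just over a day of calendar time, almost all of it spent waiting for the original TTL to expire before the first content change; swapping the record in one step without that preparation fails the check because caches can still serve the old record to receivers while the new address is already sending.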