IMHO, PTR is nothing more than exists:RSPF.jrandomdomain.com
Currently it's actively used for DNS relay block lists. But it can be used for
white-lists too.
It's usable only if you are lazy and willing to support both A/MX records in
your DNS and PTR records in your ISP zone.
To remove dependence on your ISP you can create matching reverse IP SPF records
for all A/MX records you own.
Consider the following fact: changing a PTR record usually requires you to call your
ISP. While exists: will be completely under
your control.
Also, a PTR lookup requires at least 2 additional DNS requests, while exists
will require only one.
Compare:
Compare :
1. PTR lookup
Obtain SPF record TXT for jrandomdomain.com.
(This will also obtain SOA/NS for jrandomdomain.com)
1st request: Obtain PTR record for 4.3.2.1.in-addr.arpa
(This will also obtain SOA/NS for in-addr.arpa sub-domains)
2nd (or even more) request: Obtain A/MX records for _all_ names listed in PTR
data that are from jrandomdomain.com.
(This will most likely use SOA/NS obtained from SPF record)
2. exists lookup
Obtain SPF record TXT for jrandomdomain.com.
(This will also obtain SOA/NS for jrandomdomain.com)
One request: Check if a record for 4.3.2.1.RSPF.jrandomdomain.com exists
(This will most likely use SOA/NS obtained from SPF record)
I see a clear benefit from "exists".
It increases the required DNS zone data, but reduces lookup time and
administrative burden.
It also gives you complete control over the IPs allowed to send mail.
The only possible drawback is dynamic-DNS registrations.
During DDNS registration it's possible to register both A and PTR records inside
your zone for an IP obtained from DHCP.
But this affects only those who have control over both the domain and the
in-addr.arpa zone. This is rare.
PTR is evil
--
Andriy G. Tereshchenko
TAG Software
Odessa, Ukraine
http://www.24.odessa.ua
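The lookup comparison above, worked through in code. This is an added example and not part of the thread; it uses the names from the message (jrandomdomain.com, the RSPF label, 1.2.3.4) against a constructed in-memory DNS table, with a resolver that counts queries. It also shows the forward-confirmation step Roger refers to: a PTR name whose A record does not point back to the IP is dropped before the domain comparison.

```python
"""Toy comparison of SPF 'ptr' vs 'exists' matching against a constructed DNS table."""
import ipaddress

# Constructed DNS data for this example (not real records). Keys are (owner name, type).
FAKE_DNS = {
    ("4.3.2.1.in-addr.arpa", "PTR"): [
        "outgoing.jrandomdomain.com",   # forward-confirmed, in the right domain
        "mail.otherdomain.example",     # forward-confirmed, but a different domain
        "spoof.jrandomdomain.com",      # PTR claims the domain, but A does not point back
    ],
    ("outgoing.jrandomdomain.com", "A"): ["1.2.3.4"],
    ("mail.otherdomain.example", "A"): ["1.2.3.4"],
    ("spoof.jrandomdomain.com", "A"): ["9.9.9.9"],
    # Reverse-IP "exists" record: the address value is irrelevant, only its presence matters.
    ("4.3.2.1.rspf.jrandomdomain.com", "A"): ["127.0.0.2"],
}


class CountingResolver:
    """Answers from the table and records every query so the two mechanisms can be compared."""

    def __init__(self, table):
        self.table = table
        self.queries = []

    def lookup(self, name, rtype):
        key = (name.lower().rstrip("."), rtype)
        self.queries.append(key)
        return self.table.get(key, [])


def reverse_octets(ip):
    """'1.2.3.4' -> '4.3.2.1', i.e. the SPF %{ir} macro expansion for IPv4."""
    return ".".join(reversed(ipaddress.IPv4Address(ip).exploded.split(".")))


def ptr_match(resolver, ip, domain):
    """SPF 'ptr:<domain>' check. Returns (matched, validated_names, queries_used)."""
    start = len(resolver.queries)
    validated = []
    ptr_names = resolver.lookup(reverse_octets(ip) + ".in-addr.arpa", "PTR")
    for name in ptr_names[:10]:                 # RFC 4408 5.5 only considers the first 10 names
        if ip in resolver.lookup(name, "A"):    # forward-confirmed reverse DNS
            validated.append(name)
    matched = any(n == domain or n.endswith("." + domain) for n in validated)
    return matched, validated, len(resolver.queries) - start


def exists_match(resolver, ip, domain_spec):
    """SPF 'exists:<domain-spec>' check: one A query on the expanded name, match if any answer."""
    start = len(resolver.queries)
    name = domain_spec.replace("%{ir}", reverse_octets(ip))
    answers = resolver.lookup(name, "A")
    return bool(answers), name, len(resolver.queries) - start


if __name__ == "__main__":
    print("ptr:   ", ptr_match(CountingResolver(FAKE_DNS), "1.2.3.4", "jrandomdomain.com"))
    print("exists:", exists_match(CountingResolver(FAKE_DNS), "1.2.3.4", "%{ir}.RSPF.jrandomdomain.com"))
```

With three PTR names the ptr path costs four queries (one PTR plus one A per name), while the exists path costs one, regardless of how many names the reverse zone lists. The query counts exclude the initial SPF TXT lookup, which both mechanisms share.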
----- Original Message -----
From: "Roger Moser" <roger_moser_spf(_at_)greenmail(_dot_)ch>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Monday, July 19, 2004 1:32 AM
Subject: Re: [spf-discuss]SPF is not usable as legal measure against spammers
Nico Kadel-Garcia wrote:
For the 'ptr' mechanism to match, the reverse lookup does not have to
correspond to the forward lookup, but the forward lookup has to
correspond to the reverse lookup.
Does it? Can you point to that in the spec, please?
Section 4.6
Otherwise, J. Random mailhoster who has never published anything other
than a PTR and TXT record for outgoing.jrandomdomain.com, must also
create an A record or an MX record for outgoing.jrandomain.com.
Yes, if he has "ptr:jrandomdomain.com" in the SPF record, then he must have
an A record for outgoing.jrandomain.com that points back to the IP address.
In the DNS world, PTRs can be published by domains and IP address
ranges not owned by the domain they point to!
But these domains cannot publish an A record that points back to the IP
address because they don't own the domain they point to.
It seems that the 'ptr' mechanism is the least understood mechanism. So
please read section 4.6 and then read it again.
"ptr:example.com" is the list of the IP addresses pointed to by A records in
the example.com zone and that have a PTR record that points to example.com.
Roger
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/