spf-discuss
[Top] [All Lists]

Re: inherited SPF record

2004-08-05 01:43:22
On Thursday, August 05, 2004 4:05 AM, Koen Martens wrote:
You've answered your question yourself. If you choose to not choose spf,
your mechanism could force people into having to adapt to spf records
higher up. It should rather be the case that by doing nothing (ie not
publishing spf), nothing changes for you.

Except that from the way I'm thinking about it, only the domain owner will
be editing the SPF record.  If the domain owner has delegated higher-level
domains out to users, then he should add the "do not inherit" flag.  A
domain owner can add tons of records that would negatively impact the users
of his domain -- it's his responsibility to impact his users, or not.  If
we're trusting admins to do fancy things like macro expansion and cidr
expressions, asking them "should this record be inherited for all
subdomains?" should be a trivial question.

All I can say is: write scripts that handle the administrative loads for
you. Not that difficult to accomplish with perl or any other
contemporary scripting language.

Even thought it feels icky, I agree scripting out of the problem is easy.
But be clear: you're asking every DNS administrator to more-than-double the
size of their DNS database (sql, flat-files, or otherwise).  This isnt a
problem for the guys with >500,000 records, but when you get into the
a-million-records-in-this-domain, and 200+ million records in all domains,
that adds up....

I guess we can agree to disagree :)

Jeremy Kister
http://jeremy.kister.net/


<Prev in Thread] Current Thread [Next in Thread>