spf-discuss

RE: Re: "include" directive in -03 SPF draft

2004-09-17 08:54:30
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Meng Weng Wong
Sent: Friday, September 17, 2004 1:20 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Re: "include" directive in -03 SPF draft


forwarded by request of Victor Duchovni, who is a respected
contributor to the Postfix project among other things.

On Fri, Sep 17, 2004 at 12:37:48AM -0400, Victor Duchovni wrote:
|
| [ Please recirculate as appropriate, even if you disagree, I hope that
|   this point of view will at least get a fair hearing. Perhaps it has
|   already and I am beating a dead horse, if so sorry... ]
|
| I would like to humbly suggest that the "include" directive is unwise. It
| makes zone administration easier at the cost of much more complex,
| recursive possibly looping query requirements on clients. This is IMHO
| the wrong tradeoff. Configuration of identical SPF data in multiple zones
| should be entirely the responsibility of the zone file administrator who
| can use "include" directives, macros, scripts, and many other tools to
| ensure consistency of SPF data across multiple domains.
|
| If we are to learn anything from Dan Bernstein's less than politically
| correct, but without a doubt insightful observations on DNS, it is
| that all features that shift the cost of indirection onto the resolver
| are bad. He rightly rails against A6 records, which are deprecated,
| he correctly encourages always "in-bailiwick" NS records (which are
| now the norm since Verisign no longer requires a unique hostname for
| each glue IP). He correctly suggests that indeed were DNS redesigned,
| the burden of converting NS->IP should have been on the server, with
| the on the wire syntax IP valued and names only used as administrative
| convenience in zone files.
|
| Not all of this is universally accepted dogma, but it is IMHO reasonable to
| give this point of view due consideration. Please reconsider the decision
| to burden the standard with client visible "include" directives, this
| should not I think be exposed outside the owner's zone management tools.
|

Then we need an alternative that will work.  Without include: it would be
impossible for me to build a comprehensive SPF record.  In the long term, if
SPF were integrated with CSV, I can see how one might use an appropriate CSV
pass during the current SMTP session as an alternative.  For SPF alone, I
don't know how to specify all my ISPs SMTP servers as permitted senders
without include: (note that for me redirect isn't an alternative that would
work).

Scott Kitterman
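
The trade-off discussed in this thread, as an added example that is not part of either message: a checker that follows "include" chains must count queries and detect loops, while zone-side expansion produces a record with no indirection. The zone data, the example.* names, the query budget and the function names are all constructed for illustration; only ip4 and include terms are handled.

```python
# Constructed zone data: domain -> SPF TXT record (placeholder names and addresses).
ZONE = {
    "customer.example": "v=spf1 ip4:192.0.2.10 include:isp.example -all",
    "isp.example": "v=spf1 ip4:198.51.100.0/24 include:relay.isp.example -all",
    "relay.isp.example": "v=spf1 ip4:203.0.113.5 -all",
    "loop-a.example": "v=spf1 include:loop-b.example -all",
    "loop-b.example": "v=spf1 include:loop-a.example -all",
}

MAX_LOOKUPS = 10  # assumed per-check query budget, not taken from the thread


class SPFError(Exception):
    """Raised when expansion cannot complete safely."""


def expand(domain, zone=ZONE, budget=MAX_LOOKUPS):
    """Follow include: chains as a checking client must.

    Returns (list of ip4 networks, number of TXT queries issued).
    """
    queries = 0
    nets = []

    def walk(name, chain):
        nonlocal queries
        if name in chain:  # the record includes one of its own ancestors
            raise SPFError("include loop: " + " -> ".join(chain + (name,)))
        queries += 1
        if queries > budget:  # bound the work a remote zone can impose
            raise SPFError("lookup budget exceeded at " + name)
        record = zone.get(name)
        if record is None or not record.startswith("v=spf1"):
            raise SPFError("no SPF record for " + name)
        for term in record.split()[1:]:
            if term.startswith("ip4:"):
                nets.append(term[4:])
            elif term.startswith("include:"):
                walk(term[8:], chain + (name,))

    walk(domain, ())
    return nets, queries


def flatten(domain, zone=ZONE):
    """Zone-side expansion: emit one record that needs no further queries."""
    nets, _ = expand(domain, zone)
    return "v=spf1 " + " ".join("ip4:" + n for n in nets) + " -all"
```

A flattened record is only as current as the last run of the tool, so it has to be regenerated whenever an included zone changes.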