spf-discuss

Re: SPF v1 draft for review

2004-10-06 10:42:45
terry(_at_)ashtonwoodshomes(_dot_)com wrote:

May I humbly suggest that the documentation be explicit in this statement, i.e.

An SPF compliant check SHOULD lookup both types.

Be changed to:
     An SPF compliant check SHOULD use both RR types, either by query for both RR types simultaneously OR by query for RR of new type and if not found then proceed to lookup on the TXT RR record type

Or in its weakest (but still explicit form):
     An SPF compliant check SHOULD use both RR types, either by query for both RR types simultaneously OR by query for RR of one type and if not found then proceed to lookup on RR of the other type

REASONING:  High volume or low connection speed servers may want to conserve bandwidth, and where bandwidth is more precious than time, these alternative wordings allow a site to stop at the first successful query (which is reasonable since both results are required to be identical).



I'd like to urge some caution about assuming that the values returned by the new RR and the TXT RR will be identical at all times. In the ideal world of our standard, they will. The standard should indeed encourage identical values, and network operators should/must do so. Operationally, though, there will be some drift. Operations staff may/will forget to update one of the pair for any of a variety of reasons, especially in organizations without fully automated DNS management. DNS caches may not refresh both records simultaneously. We may expect such divergent records to converge at some later time...seconds, or minutes in most cases, but perhaps effectively never. Those networks with high input volumes may experience such divergence for a relative eternity.

Given this problem of operational divergence of SPF-related RRs, I'd like to suggest we standardize a specific order of lookups, rather than use of the first of the two returned. This may appear to slow things down, but it does focus network operators on updating their records in the appropriate order.

Consequently, I support the existing verbiage:
3.1.1 RR Types
...
"An SPF compliant check SHOULD lookup both types. If both types of records are returned for a domain, the SPF type MUST be used."


Bryce Ryan
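
The following is an added example, not part of the original message or of any SPF implementation: a sketch of the quoted 3.1.1 rule (SPF type wins when both types are returned) that also reports the drift between the two record types discussed above. The function names and sample answers are constructed, and treating more than one policy of the chosen type as an error is this example's assumption.

```python
import re

# A policy record starts with the version tag "v=spf1" followed by a space or end of string.
SPF_PREFIX = re.compile(r"^v=spf1( |$)", re.IGNORECASE)


def _policies(rdata_strings):
    """Keep only strings that look like SPF v1 policies, whitespace-normalised."""
    out = []
    for s in rdata_strings:
        norm = " ".join(s.split())
        if SPF_PREFIX.match(norm):
            out.append(norm)
    return out


def select_policy(spf_rr, txt_rr):
    """Apply the quoted rule to the answers of both lookups.

    spf_rr / txt_rr: lists of record strings returned for the SPF-type and
    TXT-type queries (empty list if nothing was returned).
    Returns (policy, source, diverged). `diverged` is True when both types
    carry a policy but the two sets differ, i.e. the operational drift case.
    """
    spf, txt = _policies(spf_rr), _policies(txt_rr)
    diverged = bool(spf) and bool(txt) and set(spf) != set(txt)
    if spf:                      # both returned, or SPF only: SPF type MUST be used
        chosen, source = spf, "SPF"
    elif txt:                    # fall back to TXT only when no SPF-type policy exists
        chosen, source = txt, "TXT"
    else:
        return None, None, False
    if len(chosen) > 1:          # assumption of this example: ambiguous, refuse to guess
        raise ValueError("multiple %s policies published" % source)
    return chosen[0], source, diverged


# Constructed sample answers: the TXT copy was updated, the SPF-type copy was not.
SAMPLE_SPF = ["v=spf1 ip4:192.0.2.0/24 -all"]
SAMPLE_TXT = ["site-verification=constructed",
              "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 -all"]

if __name__ == "__main__":
    print(select_policy(SAMPLE_SPF, SAMPLE_TXT))
```

A receiver would act on the returned policy; a domain operator could run the same comparison against their own zone and alert when `diverged` is true.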