wayne wrote:
"Count directives without ip4 or ip6" is a very simple
recipe.
Yes, and that is basically what I propose.
Okay, I confused your "5 MX" with 5 MXs, but actually you
meant "5 mx directives", is that correct?
If yes, then my single counter a+mx+ptr+include+redirect=
is simpler, because it's only one magical number for ALL
processing limits, and the sender policy author has more
flexibility to distribute it on directives as he sees fit.
You have 4 magical numbers: x MX, y PTR, 10 check_host(),
20 seconds. I've only one magical number: z directives.
In all of the SPF drafts, a timeout causes a TempError
Yes, sorry. And that's good enough together with a hard
limit of z directives.
the spec not allowing *any* timeout could cause very
real DoS problems.
What's the normal timeout for a DNS query? I don't want
too many implementation details in the spec. Do you know
the term "over-specification" ? It's the evil brother of
KISS, it leads to a spec. which is so long that _nobody_
ever reads it, and people understanding at most 10% of it
then write FAQs / howto-s / cook books. <shudder>
Or they ignore anything but some of the examples. We're
already at 90 KB now.
It really doesn't make much sense to have a PTR RR for
an IP address that points to a name that, when looked up,
won't return an A RR with that IP address. When would
this ever happen?
It's in one of the PTR examples in the SPF spec. <gd&r>
Okay, I was just curious.
you need to talk to Meng and Mark about that then.
No, I won't bother Meng with v=spf1, unless he has funny
ideas to (ab)use it for PRA. Meng is spf2.0 and beyond,
and at the moment the v=spf1 "shepherd" is Mark.
Mark and Meng didn't listen. Or, at least, they didn't
listen to me. Maybe they will listen to you.
IMHO Meng left the v=spf1 scene months ago. He's now
waiting for us to finish our "minor quibbles" and then
to discuss spf2.0. But first I want a rock solid RfC.
Bye, Frank
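
Added example, not part of the original message or of any SPF implementation: a sketch of the single-counter limit discussed above, counting a, mx, ptr, include and redirect= terms against one number z. Assumptions: the count accumulates across included and redirected policies, the domains and the ZONE table are constructed stand-ins for DNS TXT lookups, and the values of z are arbitrary.

```python
# Added illustration; not code from the thread or from any SPF implementation.
COUNTED = {"a", "mx", "ptr", "include", "redirect"}  # the list given in the message

# Constructed sample policies, keyed by domain (stands in for DNS TXT lookups).
ZONE = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 a mx include:lists.example.org -all",
    "lists.example.org": "v=spf1 ip6:2001:db8::/32 ptr ?all",
    "loop.example": "v=spf1 include:loop.example -all",
}


class LimitExceeded(Exception):
    """Raised when more than z counted terms are met during one evaluation."""


def split_term(term):
    """Return (name, argument) for one SPF term, qualifier removed."""
    if term[:1] in "+-~?":
        term = term[1:]
    for i, ch in enumerate(term):
        if ch in ":=/":
            return term[:i].lower(), term[i + 1:]
    return term.lower(), ""


def count_terms(domain, z, zone=ZONE, used=0):
    """Walk a policy and what it includes or redirects to; return the terms counted."""
    terms = zone[domain].split()
    if terms[0].lower() != "v=spf1":
        raise ValueError("not a v=spf1 record: " + domain)
    for term in terms[1:]:
        name, arg = split_term(term)
        if name not in COUNTED:
            continue  # not in the message's list (ip4, ip6, all, ...)
        used += 1
        if used > z:
            # Assumption: one shared counter, so include loops also end here.
            raise LimitExceeded(domain)
        if name in ("include", "redirect"):
            used = count_terms(arg, z, zone, used)
    return used
```

With one shared counter, the self-including policy stops at z without a separate recursion limit.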