spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: PTR problems

2004-11-30 16:51:03
from [Greg Connor] [Permanent Link] 


This topic has been discussed many times on this list, and is
definitely relevant. As long as there are those that would use reverse
lookup to verify email (SPF has so far side-stepped the issue for the
most part), the potential is there to run into problems like these.
The  domain owner is probably not even aware of this problem, although
I have tried to bring it to their attention. Because the reverse
lookup process is a  top down driven process, it is sometimes very
difficult to get the upstream ISP to resolve



On Mon, 29 Nov 2004, Mark wrote:

I do not subscribe to the idea that SPF should lax its checks because
someone's DNS might be broken. The only-ever solution to broken DNS is to
fix it. Pronto.




I agree with Mark.  The folks who suffer from poor in-addr.arpa service should
complain loudly and often to their service provider.  They really should have 
proper in-addr.arpa service -- if not, they are paying good money for internet 
service and getting put on something other than the Internet.

However, that should not prevent others of us from using ptr: mechanism if we 
want to.  If my ISP drops my in-addr.arpa service, and I'm relying on ptr: 
alone, my mail may be rejected, or delayed, or whatever.  That's the risk I 
take with using ptr: in my record.  (There is a similar problem with exists: 
-- the DNS server must be up for that to work.)  But let's not water down SPF 
because of it.  Those folks who choose to use ptr: can assume the risk.

I don't think the original post in the thread mentioned that we should get rid 
of ptr:, only that there are "problems associated with it".  It would probably 
be a good idea to mention this in a FAQ somewhere, so that people who use ptr: 
because it's convenient have been given fair warning.

--
Greg Connor
gconnor(_at_)nekodojo(_dot_)org

Everyone says that having power is a great responsibility.  This is a lot
of bunk.  Responsibility is when someone can blame you if something goes
wrong.  When you have power you are surrounded by people whose job it is
to take the blame for your mistakes.  If they're smart, that is. 
                -- Cerebus, "On Governing"
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  SPF implementation with fake DSN blocking via SRS, Tom Lahti
Next by Date:  RE: Attacking Domain Keys, Hallam-Baker, Phillip
Previous by Thread:  What is the load on DNS caused by SPF?, guy
Next by Thread:  CALL TO VOTE FOR THE SPF COUNCIL -- 4th REMINDER, jpinkerton
Indexes:  [Date] [Thread] [Top] [All Lists]