spf-discuss

Re: Difficulties in specifying SPF TXT records for all A records.

2004-12-21 02:04:27
On Mon, Dec 20, 2004 at 04:43:17PM -0500,
 Ramgopal, Ram <Ram(_dot_)Ramgopal(_at_)fmr(_dot_)com> wrote 
 a message of 79 lines which said:

> I work for a company which owns hundreds of domains and thousands of
> hosts with A records.  This is probably true with Fortune 500
> companies.

No need to brag. ISPs, even small ones, typically have more domains
than that.

> To prevent our domains getting spoofed, strictly speaking, we should
> publish SPF TXT for all of them.

Yes.

> There are practical difficulties in specifying SPF records for so
> many DNS entries.  The current SPF TXT specification model does not
> scale well for large installations.

I do not think that there is a Fortune 500 company which manages its
XXX domains by hand, with an army of monkeys editing zone files with
vi! They certainly use a ten-line script in Perl / Python / Haskell /
M4 / whatever to generate the zone files.

With such an automated tool, adding an SPF record for every host is no
more difficult than adding an MX record per host (to work around the
implicit MX rule).

(The popular h2n tool automatically adds an MX record per host but not
- yet - an SPF record.)

> Is there a plan to incorporate a default SPF TXT specification at
> the zone or at the top domain level?  Such an arrangement is highly
> necessary.

I'm not sure it's worth the difficulties, given the fact that every
serious holder of > 10 domains already has a script ready, in their
favorite scripting language.
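
The kind of generator script the reply refers to, as an added example (not code from the message, from h2n, or from any poster): it reads address records from zone data and emits an SPF TXT record for every name that lacks one. The sample zone, the function names and the three policies chosen are assumptions made for illustration.

```python
import re

# Constructed sample zone for example.com. (documentation addresses, not from the post).
SAMPLE_ZONE = """\
@       IN MX   10 mail
@       IN A    192.0.2.10
mail    IN A    192.0.2.25
www     IN A    192.0.2.80
www     IN A    192.0.2.81
db1     IN AAAA 2001:db8::5
legacy  IN A    192.0.2.99
legacy  IN TXT  "v=spf1 a -all"
"""

# owner [ttl] [IN] type rdata; assumes every line names its owner explicitly.
RR = re.compile(r'^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(A|AAAA|MX|TXT)\s+(.+)$', re.I)

def fqdn(name, origin):
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def spf_records(zone_text, origin, apex_policy="v=spf1 mx -all"):
    """Return one SPF TXT line per address-bearing name that lacks one."""
    hosts, mail_hosts, has_spf = [], set(), set()
    for raw in zone_text.splitlines():
        m = RR.match(raw.strip())
        if not m:
            continue
        owner = fqdn(m.group(1), origin)
        rtype, rdata = m.group(2).upper(), m.group(3).strip()
        if rtype in ("A", "AAAA"):
            if owner not in hosts:
                hosts.append(owner)
        elif rtype == "MX":
            mail_hosts.add(fqdn(rdata.split()[1], origin))
        elif rdata.strip('"').lower().startswith("v=spf1"):
            has_spf.add(owner)  # keep hand-written policies untouched
    out = []
    for host in (h for h in hosts if h not in has_spf):
        # Assumed policies: apex sends via its MX hosts, an MX target may send
        # from its own address, every other host never sends mail.
        policy = (apex_policy if host == origin
                  else "v=spf1 a -all" if host in mail_hosts else "v=spf1 -all")
        out.append(f'{host} IN TXT "{policy}"')
    return out

if __name__ == "__main__":
    print("\n".join(spf_records(SAMPLE_ZONE, "example.com.")))
```

Names with several address records get a single TXT line, and a name that already publishes an SPF policy is left alone so the generator never produces a second, conflicting record.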