spf-discuss

Re: RE: rr.com and SPF records

2005-03-17 09:42:43
On Thu, Mar 17, 2005 at 11:01:52AM -0500, Todd Herr wrote:
The record could be as simple as:

"v=spf1 exists:%{i}._spf.rr.com ~all"

The problem with our pursuing this angle right now is the fact
that our AUP does not prohibit servers being run in customer
space at present.  We do not require that customers relay their
outbound email, even email from their @foo.rr.com address,
through our SMTP servers.  (We also do not require that mail being
relayed through our SMTP servers be from addresses ending in
@foo.rr.com.)  This would mean that we'd have to have a
single DNS zone with something like 4.5 or so million records in
it; large zones such as that do not transfer well between
servers.  (I don't see wildcarding as an option here; it would open
us to a DoS attack on the servers hosting the _spf.rr.com zone,
and would be the equivalent of +all, wouldn't it?)

It would mean you can remove "subnet 1, subnet 2 ... subnet n"
from dns (spf) and replace it with a single record.

The amount of data stays the same, you just place a layer between
what you know and what we get to see.

Currently you publish about 11 subnets (I didn't count carefully,
it may be 10 or 12) and we (our software) have to find out if an
ip address is a member of these subnets.

What I propose is that you replace this with a mechanism where
we would give the ip address to you, then you look it up and
respond match or non_match.  This does not imply that you need
to change your policy.

It does imply that you can increase the amount of data being
processed at your end, without increasing the size of your
spf record(s).  Should you need to have 128 subnets, you could
easily manage this on your end; it would probably be too much
to publish in an spf record.

As an added bonus, you could match login names against ip addresses.
Your customers may not be restricted in how they send their mail
but I don't think you allow them to use other customers' email
addresses, do you?  Correlating mailboxes with IP addresses is
something a database should have no problem with.

HTH
Alex
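The mechanism Alex describes above, shown as an added example that is not part of the thread or of any SPF library: a minimal checker that evaluates `ip4:` and `exists:` terms, with the `%{i}` macro expanded to the client address, run against a constructed stand-in for DNS. The zone name `_spf.example.net`, the networks and the client addresses are all made up for the example. It also shows the two points raised in the exchange: the `exists:` form carries the same data as the subnet list (one name per authorised address, in the zone instead of the record), and a wildcard under the lookup zone makes every client match, which is what makes it behave like `+all`.

```python
"""Added example: evaluate ip4:/exists: SPF terms against a constructed DNS.

Nothing here is from the thread or from a real SPF implementation. The
zone _spf.example.net, the networks and the client addresses are assumed
values chosen for illustration.
"""
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def expand_macro_i(client_ip, reverse=False):
    """Expand %{i} (or %{ir}) for a client address.

    For IPv4 the expansion is the dotted-decimal address; for IPv6 it is the
    dot-separated nibbles of the full address. The "r" modifier reverses the
    label order, which is how reverse-style zones are usually laid out.
    """
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = str(ip).split(".")
    else:
        labels = list(ip.exploded.replace(":", ""))
    if reverse:
        labels.reverse()
    return ".".join(labels)


def expand(domain_spec, client_ip):
    """Expand the two macros this example supports: %{ir} first, then %{i}."""
    spec = domain_spec.replace("%{ir}", expand_macro_i(client_ip, reverse=True))
    return spec.replace("%{i}", expand_macro_i(client_ip))


def evaluate(record, client_ip, resolve_a):
    """Return pass/fail/softfail/neutral for one SPF record and client IP.

    resolve_a(name) stands in for a DNS A lookup: it returns a list of
    address strings, empty for NXDOMAIN. Only ip4:, exists: and all are
    handled; other mechanisms raise so a reader sees the example's limits.
    """
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        raise ValueError("not an SPF record")
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        mech, _, arg = term.partition(":")
        if mech == "ip4":
            # ip_network.__contains__ returns False for a mismatched IP version
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        elif mech == "exists":
            # exists: matches when the expanded name has any A record at all;
            # the address returned does not matter
            if resolve_a(expand(arg, client_ip)):
                return QUALIFIERS[qualifier]
        else:
            raise ValueError(f"mechanism not supported in this example: {mech}")
    return "neutral"  # fell off the end of the record with no match


# Constructed authorised networks (documentation ranges, not real rr.com space)
AUTHORISED_NETS = ["192.0.2.0/24", "198.51.100.0/24"]

# The subnet-list form of the record, as discussed in the thread.
OLD_RECORD = "v=spf1 " + " ".join(f"ip4:{n}" for n in AUTHORISED_NETS) + " ~all"

# The single-record form: the data moves into the zone, one name per address.
NEW_RECORD = "v=spf1 exists:%{i}._spf.example.net ~all"

# Constructed zone built from the same networks. 127.0.0.2 is just a
# conventional dummy target; existence of the name is what the check tests.
ZONE = {
    f"{addr}._spf.example.net": ["127.0.0.2"]
    for net in AUTHORISED_NETS
    for addr in ipaddress.ip_network(net)
}


def zone_resolver(name):
    """Stand-in DNS for the constructed zone: NXDOMAIN for unknown names."""
    return ZONE.get(name, [])


def wildcard_resolver(name):
    """Models '*._spf.example.net IN A 127.0.0.2': every name under the zone
    resolves, so every client IP matches. This is the +all equivalence the
    thread warns about."""
    return ["127.0.0.2"] if name.endswith("._spf.example.net") else []


if __name__ == "__main__":
    for ip in ("192.0.2.17", "203.0.113.5"):
        print(ip, "old:", evaluate(OLD_RECORD, ip, zone_resolver),
              "new:", evaluate(NEW_RECORD, ip, zone_resolver),
              "wildcard:", evaluate(NEW_RECORD, ip, wildcard_resolver))
```

The `ZONE` dictionary has exactly as many entries as the two /24s have addresses, which is the "amount of data stays the same" observation in concrete form: the receiver issues one lookup per message instead of walking the subnet list, while the sender's side holds the full table and can grow it without touching the published record.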

