spf-discuss

RE: Re: rr.com and SPF records

2005-03-18 12:34:06
The rr.com DNS lookup limit of 10 issue started Feb 24, 2005 by Stuart at
bmsi.  Stuart noted rr.com required 78 lookups.
http://www.gossamer-threads.com/lists/spf/discuss/17934

17 more posts on the subject, then

Feb 27, 2005 Radu at ohmi said:
"Say that you have a vanity domain record that references 3 MX's (#1 has 
2 A records, #2 has 3 A records, and #3 has 2 A records). This adds up to 
10 queries. If any of your service providers (work, home, cottage) adds 
an extra outgoing mail server, they probably won't inform you, but your 
record will break."

This was the first hint that ISPs should use a limit much less than 10.
But, Radu did not state it as such.  Also, Radu expects to use 3 ISPs!

10 more posts on the subject.  That thread ended.  It was not about rr.com,
it was about DNS lookup limits.

Mar 16, 2005, Julian Mehnle started a new thread about rr.com.

19 more posts on the subject, then

Mar 17, 2005, Alex van den Bogaerdt pointed out that someone else may need
to include rr.com.

Almost a month went by before someone said an ISP should use a limit less
than 10.  Even then no exact figure was given, other than my 9 or 8.  So,
no, it is not obvious!  The spec SHOULD have a section that explains that
ISPs SHOULD limit DNS lookups to x, and why.  x still needs to be defined
IMO.

I may be playing devil's advocate here.  However, I do want SPF to be a
success.  If everyone just comes here to say how wonderful SPF is, then
nothing else will be done and SPF will stagnate.

Guy

-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Frank 
Ellermann
Sent: Friday, March 18, 2005 1:01 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Re: rr.com and SPF records

Guy wrote:

> ISPs should limit the number of lookups to 9 or 8 so that a
> customer could use "include:ISP.com".  Is this noted as a
> SHOULD in the spec?

No, it's kind of obvious, and you could bypass restrictions
by copying parts of the sender policy instead of an "include".

Not good enough for some per-user policy tricks, and to copy
policies of 3rd parties is a PITA, so I hope that ISPs try
to limit their use of DNS-mechanisms and redirect=.  And I do
hope that the next generation of SPF wizards and validators
can count to ten.  
                   Bye, Frank
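
The arithmetic behind the "9 or 8" figure in this thread, as an added example that is not part of the original messages: a counter that walks include/redirect chains and shows how an ISP record that uses all 10 lookups breaks any customer who includes it. The zone contents and domain names are constructed, and the counting rule (each include, a, mx, ptr, exists and redirect term costs one lookup, limit 10) is the one later published in RFC 4408 and RFC 7208; every term is counted, so the result is an upper bound on what an evaluator that stops at the first match would perform.

```python
LOOKUP_LIMIT = 10
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}  # redirect= handled below

# Constructed zone (domain -> SPF TXT record); all names are made up.
ZONE = {f"pool{i}.isp.example": f"v=spf1 a ip4:192.0.2.{16 * i}/28 -all"
        for i in range(1, 5)}
ZONE.update({
    "isp.example": "v=spf1 include:pool1.isp.example include:pool2.isp.example "
                   "include:pool3.isp.example include:pool4.isp.example mx a ~all",
    "lean-isp.example": "v=spf1 ip4:198.51.100.0/24 mx -all",
    "vanity.example": "v=spf1 include:isp.example -all",
    "vanity2.example": "v=spf1 include:lean-isp.example mx -all",
})

def count_lookups(domain, zone=ZONE, path=()):
    """Worst-case number of DNS-querying terms reached from domain's record."""
    if domain in path:
        raise ValueError(f"include/redirect loop at {domain}")
    path = path + (domain,)
    total = 0
    for term in zone[domain].split()[1:]:          # skip "v=spf1"
        term = term.lstrip("+-~?")                 # drop the qualifier
        if term.lower().startswith("redirect="):
            total += 1 + count_lookups(term.split("=", 1)[1], zone, path)
            continue
        name, _, arg = term.partition(":")
        name = name.split("/")[0].lower()          # "mx/24" -> "mx"
        if name not in LOOKUP_TERMS:
            continue                               # ip4, ip6, all, exp= are not counted
        total += 1
        if name == "include":
            total += count_lookups(arg, zone, path)
    return total

def headroom(isp_domain, zone=ZONE):
    """Lookup terms a customer has left after writing include:<isp_domain>."""
    return LOOKUP_LIMIT - 1 - count_lookups(isp_domain, zone)

if __name__ == "__main__":
    for d in ("isp.example", "vanity.example", "lean-isp.example", "vanity2.example"):
        n = count_lookups(d)
        print(f"{d:18} {n:2} lookups  {'OK' if n <= LOOKUP_LIMIT else 'over limit'}")
    print("headroom after include:isp.example      =", headroom("isp.example"))
    print("headroom after include:lean-isp.example =", headroom("lean-isp.example"))
```

A negative headroom means the ISP's record is valid on its own but cannot be included by anyone.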

