spf-discuss

Re: Draft amendments on DNS lookup limits

2005-03-18 14:28:06
Radu Hociung wrote:
Scott Kitterman wrote:

I'll be the first to object. Go look at my record and tell me how to make it less expensive? BTW, the ip4: mechanisms are a best guess for Comcast.

I'd be interested to see if you can figure a way to do mine in 10 queries or
less.  My DSL provider's record takes 10 by itself, and so once I include
that one, I'm already at 11.


Hello, Scott,

First, can we agree that SPF was not invented to resolve an individual's spam problem? I think that those with complicated setups should find solutions. Otherwise, there will always be someone with a more complicated problem than the specification allows, and we'll never find a solution that makes everyone happy.



Second, the answer to your question follows. There may be bugs in
spfcompile, and they will manifest themselves below. It is work
in progress, but I do think it shows promise.

  [root@sun src]# spfcompile -sender scott@kitterman.com -flatten

  Compiled record (19 mechs, len 397, cost 2 queries):

  v=spf1 ip4:66.39.3.0/24 ip4:209.68.3.0/24 ip4:64.32.194.73
    ?ip4:204.127.202.0/24 ?ip4:204.127.198.0/24
    ?ip4:216.148.227.0/24 ?ip4:63.240.76.0/24 ?ip4:209.68.5.15
    ?ip4:209.68.5.16/31 ?ip4:209.68.1.20 ?ip4:209.68.1.210
    ip4:66.80.60.20/31 ip4:66.80.60.30/31 ip4:66.80.60.32
    ip4:66.80.60.36/31 ip4:66.80.60.38 ip4:66.80.130.3
    ?ptr:mail2web.com -all


Due to the fact that I used -flatten, you'll need to run a cron job to
refresh it, just in case one of your providers changes their mail
server config (which is typically very infrequent).

Without -flatten, this is a possible record:

  [root@sun src]# spfcompile -sender s@kitterman.com

  Compiled record (12 mechs, len 221, cost 11 queries):

  v=spf1 include:webmail.pair.com ip4:64.32.194.73
    ?ip4:204.127.202.0/24 ?ip4:204.127.198.0/24
    ip4:216.148.227.0/24 ?ip4:63.240.76.0/24 a:relay.pair.com
    ?ip4:209.68.1.210 include:megapathdsl.net ?a:voot.pair.com
    ?ptr:mail2web.com -all


Regards,
Radu.


By the way, if you don't know the complete list of Comcast outgoing servers, your record should end with a softfail ~all, not a hardfail.

You mentioned you care about the reliability of your email. So you
should think through your record more carefully.

Radu.
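
An added example, not part of the original message and not spfcompile's code: a query-cost counter run over the two records quoted above. The cost model (one query for the TXT fetch, one per a/mx/ptr/exists term, recursion into include/redirect) is an assumption that reproduces the "cost 2" reported for the flattened record. The contents of the included records and the name _spf.example.net are constructed stand-ins, sized so the total lands on the 11 queries the message reports.

```python
import re

# include/a/mx/ptr/exists/redirect make the receiver issue DNS queries;
# ip4/ip6/all are evaluated from the record text alone.
TERM_RE = re.compile(
    r"^[+\-~?]?(include|a|mx|ptr|exists|redirect)(?=[:=/]|$)[:=]?([^/\s]*)", re.I)

def spf_cost(domain, zone, seen=frozenset()):
    """Assumed cost model: 1 query for the TXT fetch of `domain`, 1 per
    a/mx/ptr/exists term, plus the whole cost of every include/redirect
    target (its TXT fetch is the query that term triggers)."""
    if domain in seen:
        raise ValueError("include loop at " + domain)
    cost = 1                              # the TXT lookup itself
    record = zone.get(domain)
    if record is None:
        return cost                       # query spent, no record found
    for term in record.split()[1:]:       # skip "v=spf1"
        m = TERM_RE.match(term)
        if not m:
            continue
        if m.group(1).lower() in ("include", "redirect"):
            cost += spf_cost(m.group(2), zone, seen | {domain})
        else:
            cost += 1
    return cost

# The two compiled records exactly as quoted in the message.
FLATTENED = (
    "v=spf1 ip4:66.39.3.0/24 ip4:209.68.3.0/24 ip4:64.32.194.73 "
    "?ip4:204.127.202.0/24 ?ip4:204.127.198.0/24 "
    "?ip4:216.148.227.0/24 ?ip4:63.240.76.0/24 ?ip4:209.68.5.15 "
    "?ip4:209.68.5.16/31 ?ip4:209.68.1.20 ?ip4:209.68.1.210 "
    "ip4:66.80.60.20/31 ip4:66.80.60.30/31 ip4:66.80.60.32 "
    "ip4:66.80.60.36/31 ip4:66.80.60.38 ip4:66.80.130.3 "
    "?ptr:mail2web.com -all")
UNFLATTENED = (
    "v=spf1 include:webmail.pair.com ip4:64.32.194.73 "
    "?ip4:204.127.202.0/24 ?ip4:204.127.198.0/24 "
    "ip4:216.148.227.0/24 ?ip4:63.240.76.0/24 a:relay.pair.com "
    "?ip4:209.68.1.210 include:megapathdsl.net ?a:voot.pair.com "
    "?ptr:mail2web.com -all")

# Constructed stand-ins for the included records (NOT the providers' real data).
ZONE = {
    "kitterman.com": UNFLATTENED,
    "webmail.pair.com": "v=spf1 a mx -all",
    "megapathdsl.net": "v=spf1 mx include:_spf.example.net -all",
    "_spf.example.net": "v=spf1 a ~all",
}
```

Flattening trades the include-driven queries for a longer record that has to be regenerated whenever a provider changes its servers, which is the cron job mentioned above.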



