spf-discuss

RE: Re: Draft ammendments on DNS lookup limits

2005-03-24 10:32:59
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Frank Ellermann
Sent: Saturday, March 19, 2005 10:39 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Re: Draft ammendments on DNS lookup limits


Scott Kitterman wrote:

My primary ISP has 10 mechanisms in its SPF record.  Under
your scenario, I can't even include them.

Worse, you can't include it under draft-schlitt-spf-classic-00
as discussed by the IESG and announced by the Council.  If it's
a problem you have to convince Wayne and / or the Council, that
a single overall query counter with a limit of maybe 40 or more
is better than the magic 10+10*10.

Exactly what Radu proposes, only with a very different limit.

1 - kitterman.com text =
"v=spf1 include:webmail.pair.com ip4:64.32.194.73 ?ip4:204.127.202.0/24
 ?ip4:204.127.198.0/24 ?ip4:216.148.227.0/24 ?ip4:63.240.76.0/24
 ?a:relay.pair.com ?mx ?include:megapathdsl.net ?ptr:mail2web.com -all"

2 - webmail.pair.com text = "v=spf1 ip4:66.39.3.0/24 ip4:209.68.3.0/24"
3 - GetHostByName( relay.pair.com )
4 - kitterman.com mail exchanger = voot.pair.com
4.1 GetHostByName( voot.pair.com )

5 - megapathdsl.net text =
"v=spf1 a mx a:front1.mail.megapathdsl.net a:front2.mail.megapathdsl.net
 a:front3.mail.megapathdsl.net a:fe.mail.megapathdsl.net
 a:back1.mail.megapathdsl.net a:back2.mail.megapathdsl.net
 a:back3.mail.megapathdsl.net a:sean.mail.megapathdsl.net -all"

6 - GetHostByName( megapathdsl.net text )
7 - megapathdsl.net mail exchanger = mail.megapathdsl.net
7.1 GetHostByName( mail.megapathdsl.net )
8 - GetHostByName( front1.mail.megapathdsl.net )
9 - GetHostByName( front2.mail.megapathdsl.net )
10 - GetHostByName( front3.mail.megapathdsl.net )
11 - GetHostByName( fe.mail.megapathdsl.net  ) skipped => PermError

?? - PermError back1
?? - PermError back2
?? - PermError back3
?? - PermError sean
?? - PermError -q=ptr

16 queries, far beyond the limits in spf-classic-00.  It probably
would work for an overall 40.  I haven't checked the ptr, but at the
moment it MUST not be more than 10, and then 16 + 2 + 10 = 28 < 40.

                     Bye, Frank

Thanks for pointing that out.  Megapathdsl.net have now updated their
record:

megapathdsl.net.        8640    TXT     "v=spf1 a mx ip4:66.80.60.0/26
ip4:66.80.130.0/30 -all"

So I think I'm back in business.

Scott Kitterman
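
The query count walked through in the message above can be reproduced mechanically. The following is an added example, not part of the original thread or of any SPF implementation: it counts one query for the initial TXT fetch and one for each `include`, `a`, `mx`, `ptr` or `exists` term, recursing into includes, and leaves out the per-exchanger and per-`ptr`-name address lookups that the message adds separately. The function names and the limit values 10 and 40 passed in `__main__` are assumptions taken from the discussion, not from the draft text.

```python
# SPF records copied from the message above (megapathdsl.net before and after its update).
KITTERMAN = ("v=spf1 include:webmail.pair.com ip4:64.32.194.73 ?ip4:204.127.202.0/24 "
             "?ip4:204.127.198.0/24 ?ip4:216.148.227.0/24 ?ip4:63.240.76.0/24 "
             "?a:relay.pair.com ?mx ?include:megapathdsl.net ?ptr:mail2web.com -all")
WEBMAIL = "v=spf1 ip4:66.39.3.0/24 ip4:209.68.3.0/24"
MEGAPATH_OLD = ("v=spf1 a mx a:front1.mail.megapathdsl.net a:front2.mail.megapathdsl.net "
                "a:front3.mail.megapathdsl.net a:fe.mail.megapathdsl.net "
                "a:back1.mail.megapathdsl.net a:back2.mail.megapathdsl.net "
                "a:back3.mail.megapathdsl.net a:sean.mail.megapathdsl.net -all")
MEGAPATH_NEW = "v=spf1 a mx ip4:66.80.60.0/26 ip4:66.80.130.0/30 -all"

# Terms that cost at least one DNS query; ip4, ip6 and all cost none.
QUERYING = {"include", "a", "mx", "ptr", "exists"}

def zone(megapath):
    """Offline stand-in for DNS: domain -> SPF TXT record (hypothetical helper)."""
    return {"kitterman.com": KITTERMAN, "webmail.pair.com": WEBMAIL,
            "megapathdsl.net": megapath}

def terms(record):
    """Yield (mechanism, argument) for each term after the version tag."""
    for term in record.split()[1:]:
        name, _, arg = term.lstrip("+-?~").partition(":")
        yield name.split("/")[0].lower(), arg

def nested_queries(domain, records, path=()):
    """Queries caused by the terms of one record, following includes."""
    if domain in path:
        raise ValueError("include loop at " + domain)
    total = 0
    for name, arg in terms(records[domain]):
        if name in QUERYING:
            total += 1  # the include itself is the TXT fetch of its target
        if name == "include":
            total += nested_queries(arg, records, path + (domain,))
    return total

def total_queries(domain, records):
    """Initial TXT fetch plus every query-causing term reachable from it."""
    return 1 + nested_queries(domain, records)

def within_limit(domain, records, limit):
    return total_queries(domain, records) <= limit

if __name__ == "__main__":
    for label, mp in (("old", MEGAPATH_OLD), ("new", MEGAPATH_NEW)):
        n = total_queries("kitterman.com", zone(mp))
        print(label, n, "within 10:", n <= 10, "within 40:", n <= 40)
```

With the old megapathdsl.net record the total matches the 16 counted in the message; with the updated record it drops to 8.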