All this talk about compiling records puts us back to where we were at
the beginning about needing to do more to/on DNS servers than just add a
record to a zone file, the ease of which is another reason SPF has wide
mindshare.

I just don't understand the pessimism here. What is wrong with the
proposed solution - an SPF compiling daemon that runs alongside the
nameserver and gives us the best of both worlds? On the user-interface
side we have a full-featured syntax for describing any possible SPF setup,
and on the nameserver side a very efficient record that allows any SPF
check to be done in one query. There is not even a migration
problem. ISPs with simple records, like "+mx -all", will leave things as
is. Those that decide to install the new SPF daemon will continue to use
the same SPF syntax, but actually find it easier than creating complex
records with a text editor.

What Radu has done is take a concern which seemed to many like pure FUD,
and show that it is at least plausible. Whether that plausibility is
only 1 in 10 or near certainty doesn't matter, because the cost of the
solution is so low. In fact, I can't see any significant cost to making an
SPF compiler/daemon widely available.

I think it is time to move forward with the solution, and not worry whether
Radu's numbers are correct on the magnitude of the problem.
-- Dave

************************************************************
* David MacQuigg, PhD    email: david_macquigg(_at_)yahoo(_dot_)com
* IC Design Engineer     phone: USA 520-721-4583
* Analog Design Methodologies
* 9320 East Mikelyn Lane
* VRS Consulting, P.C.   Tucson, Arizona 85710
************************************************************