> > > As I understand it, an SPF query generated by a receiver does not
include
> > > the sender's IP address in that query. That IP address is passed as
one of
> > > the arguments to the check_host() function, but it is not used when
> > > check_host() constructs the SPF query. The DNS server which
receives the
> > > query, therefore has no ability to run the SPF check itself, or to
log the
> > > IP for later forensics, etc.
> >
> >The IP address can be made available to the DNS server, by using the
'i' macro
> >letter to insert the IP address into some extended form of the domain
to be
> >queried, thus making it available to the domain owner for validation,
> >analysis, etc..
>
> I don't see how this works. The 'i' macro, to the DNS server, is nothing
> but a pattern ( like %{i} ) to be sent as part of a string in response to a
> query from the DNS client. As I understand it, that 'i' macro is expanded
> on the client side, so the server never sees the actual IP address. What I
> am proposing is that the actual IP address be sent in the original query.
One of the 'ground rules' of SPF (current versions) is that is should not
require any change to the existing DNS protocols.
Then SPF is already sunk. It requires a new resource record.
Now there is nowhere within
the current _protocol_ in which you could carry the IP address information
required, so one has to resort to a 'trick'.
I would be very surprised if the designers of DNS did not anticipate the
need for new and different information to be added to a query. Looks to me
like they even have an "additional information" field for that
purpose. Please tell me where I find any prohibition on adding additional
information to a query.
-- Dave
************************************************************ *
* David MacQuigg, PhD email: dmquigg-spf at yahoo.com * *
* IC Design Engineer phone: USA 520-721-4583 * * *
* Analog Design Methodologies * * *
* 9320 East Mikelyn Lane * * *
* VRS Consulting, P.C. Tucson, Arizona 85710 *
************************************************************ *