spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Modifications to SPF for Mask function

2005-03-28 08:28:00
from [Scott Kitterman] [Permanent Link] 
...... Original Message .......
On Sun, 27 Mar 2005 14:46:09 -0500 Radu Hociung <radu(_at_)ohmi(_dot_)org> 
wrote:

Scott Kitterman wrote:

The reason is technical: the DNS reply packet has a limited amount of 
payload capacity. This may be very small, in the case of numerous 
authoritative records. Combined with the load sharing features of (most) 
DNS server software, it would mean that if the ammount of TXT data found 
for a host name exceeds the UDP packet size, the DNS software may do 
load-balancing, and omit one of th TXT records, at random.

You can see how this hurts both SPF1 and SenderID equally, and this is 
counter productive.



This exact point was extensively discussed on MXCOMP and a rough 

consensus 

on the current approach was reached.  Even if the entire archive is to 

much 

to swallow (I understand), reviewing that discussion might be fruitful.


I'll try to find it and understand the decision.


It does, however, cause Sender ID to have to ALWAYS look two places 

instead 

of one for TXT records.  I doubt they would regard this as an effiency.


It wouldn't... the backwards compatible way I suggested is:

Query domain.com
If it contains SPF1,
    Query _pra.domain.com
else
    Quit


Yes, it does look like 2 queries. But assuming that the system 
implementing PRA also implements SPF, the result of the domain.com query 
costs nothing, as the result is already in the local DNS cache.


Why do you make the assumption that anyone who checks PRA will also check 
SPF?

OK.  Your example proves my point.  If MS were to move their SPF2.0/ 
records (I assume you would want SPF2.0/mfrom records to move too) then 
there would always be an additional DNS query required.  Whether you count 
it 0 to 1 or 1 to 2, it's still one more.

BTW, in your proposal, where do you suggest SPF2.0/mfrom records be put?


This also affords the SPF/PRA compilers the opportunity to put both 
records in the domain.com space if they are small enough, and in that 
case, 1 query finds both.

So really it is only 1 expensive query, and one cheap/free query if the 
records are big.


So what you propose is that the SPF2.0/pra record only move if it's big?  
How would a receiver know if the lack of a SPF2.0/pra record at example.com 
was because there was no SPF2.0/pra record or because it was a big record 
located at _pra.example.com?  Wouldn't they have to do a TXT query at 
_pra.example.com to find out?

Scott Kitterman
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Need for Complexity in SPF Records, Radu Hociung
Next by Date:  Re: Need for Complexity in SPF Records, David MacQuigg
Previous by Thread:  Re: Modifications to SPF for Mask function, Radu Hociung
Next by Thread:  Re: Modifications to SPF for Mask function, Radu Hociung
Indexes:  [Date] [Thread] [Top] [All Lists]