spf-discuss

RE: Standard Authentication Query

2005-03-29 14:10:12
At 02:38 PM 3/29/2005 -0500, Scott Kitterman wrote:

>A typical top record might look like this one for rr.com:
>v=spf1 m=24.30.203/24,24.28.200/24,24.28.204/24,24.30.218/24,24.93.47/24,24.25.9/24,65.24.5/24,24.94.166/24,24.29.109/24,66.75.162/24,24.24.2/24,65.32.5/24 ... -all
>The ... redirects and such might never be needed if rr.com decides it can
>clean out the zombies in each of those /24 blocks.

Which, according to Todd, is already done.

>
>-- Dave
>
For SPF checking libraries that don't implement the mask (currently all of
them), that record would parse as:

v=spf1 -all

That should be "v=spf1 ... -all". The ... was intended to include all the usual complexities for those checkers that don't understand the new mask notation.

The mask only has potential to help once it's deployed and senders modify
their policies to use it.

Both methods have to be deployed before they can help. Either of these will have to be built into the compiler. (I hope you are not suggesting that we teach users to write the "not.me" syntax. We'll have to put Frank on the help desk. :>)

Regardless of the potential for increased efficiency, I think that a
significant change like this is going to have a hard time getting traction
in the market.  If this sort of approach will appeal to people, then perhaps
we ought to concentrate in the near term on selling Frank's slightly less
efficient approach since it's fully compatible with the current syntax.

The masks will be generated automatically by a compiler. The compiler will get market traction because it is easier and more fun than creating records with a text editor, and it will be a webtool or a free download, not requiring any DNS patches, etc.

The "include:not.me" syntax, as I understand it, can never provide a one-shot DNS response, and once people start using it, we will never get rid of it.

Spammers are not going to give up their lucrative business without a fight. I can easily imagine them turning up the volume by a factor of 10 or even 100. I like the idea of having as the final defense, a "one-query" mode where 90% of the legitimate mail gets through, and the spammers are rejected at a cost not much more than they spend in sending their sh*t.

-- Dave

************************************************************     *
* David MacQuigg, PhD      email:  dmquigg-spf at yahoo.com      *  *
* IC Design Engineer            phone:  USA 520-721-4583      *  *  *
* Analog Design Methodologies                                 *  *  *
*                                   9320 East Mikelyn Lane     * * *
* VRS Consulting, P.C.              Tucson, Arizona 85710        *
************************************************************ *
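
As an added illustration (not part of the original message, and not code from any SPF library), this sketch contrasts the two readings discussed above: a checker that skips the unknown `m=` modifier still evaluates whatever other terms the record carries, while a mask-aware checker can reject before reaching them. The mask semantics (an address outside every block fails immediately), the `check` and `expand` names, and the `ip4:` term standing in for the elided "..." are assumptions.

```python
import ipaddress

# Constructed record: the m= blocks come from the quoted rr.com example; the
# ip4: term is a hypothetical stand-in for the elided "..." terms.
RECORD = "v=spf1 m=24.30.203/24,24.28.200/24,65.24.5/24 ip4:24.30.203.16/28 -all"
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def expand(block):
    """Expand the shorthand '24.30.203/24' into a full IPv4 network."""
    addr, _, bits = block.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + (bits or "32"), strict=False)


def check(record, client_ip, mask_aware):
    """Return (result, mechanisms_evaluated); handles only ip4 and all."""
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return ("none", 0)
    evaluated = 0
    for term in terms[1:]:
        name, is_modifier, value = term.partition("=")
        if is_modifier:
            # Assumed mask semantics: outside every block means reject now.
            if name == "m" and mask_aware:
                if not any(ip in expand(b) for b in value.split(",")):
                    return ("fail", evaluated)
            continue  # a checker skips modifiers it does not recognise
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        evaluated += 1
        if mech == "all" or (mech.startswith("ip4:") and ip in expand(mech[4:])):
            return (RESULTS[qualifier], evaluated)
    return ("neutral", evaluated)


if __name__ == "__main__":
    for ip in ("24.30.203.20", "24.30.203.200", "203.0.113.9"):
        print(ip, check(RECORD, ip, False), check(RECORD, ip, True))
```

The second element of each result counts mechanisms evaluated after the mask, a stand-in for the extra lookups the "..." terms would cost in a real record.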