spf-discuss

RE: Standard Authentication Query

2005-03-29 14:32:37
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of David 
MacQuigg
Sent: Tuesday, March 29, 2005 4:10 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Standard Authentication Query


At 02:38 PM 3/29/2005 -0500, Scott Kitterman wrote:

A typical top record might look like this one for rr.com:
v=spf1 m=24.30.203/24,24.28.200/24,24.28.204/24,24.30.218/24,24.93.47/24,24.25.9/24,65.24.5/24,24.94.166/24,24.29.109/24,66.75.162/24,24.24.2/24,65.32.5/24 ... -all
The ... redirects and such might never be needed if rr.com decides it can
clean out the zombies in each of those /24 blocks.

Which, according to Todd, is already done.


-- Dave

For SPF checking libraries that don't implement the mask (currently all of
them), that record would parse as:

v=spf1 -all

That should be "v=spf1 ... -all".  The ... was intended to include all the
usual complexities for those checkers that don't understand the new mask
notation.

The mask only has potential to help once it's deployed and senders modify
their policies to use it.

Both methods have to be deployed before they can help.  Either of these
will have to be built into the compiler. ( I hope you are not suggesting
that we teach users to write the "not.me" syntax.  We'll have to put Frank
on the help desk. :>)

Regardless of the potential for increased efficiency, I think that a
significant change like this is going to have a hard time getting traction
in the market.  If this sort of approach will appeal to people, then perhaps
we ought to concentrate in the near term on selling Frank's slightly less
efficient approach since it's fully compatible with the current syntax.

The masks will be generated automatically by a compiler.  The compiler will
get market traction because it is easier and more fun than creating records
with a text editor, and it will be a webtool or a free download, not
requiring any DNS patches, etc.

The "include:not.me" syntax, as I understand it, can never provide a
one-shot DNS response, and once people start using it, we will never get
rid of it.

Spammers are not going to give up their lucrative business without a
fight.  I can easily imagine them turning up the volume by a factor of 10
or even 100.  I like the idea of having as the final defense, a "one-query"
mode where 90% of the legitimate mail gets through, and the spammers are
rejected at a cost not much more than they spend in sending their sh*t.

-- Dave

Maybe the compiler could have an option to spit out either m= or
"include:not.me".

"include:not.me" can be deployed today.

Most of the people that come to spf-help or send e-mail that ends up on the
spf help rt have rather simple records.  In fact, most of them need simpler
records than they think they do based on the wizard.  Updating the wizards
to lead people towards tighter records would be a good thing to do too (I
see a lot of records with ptr in it that don't need it).

As one of the people active in both those venues, if someone will write the
compiler/script to produce the "include:not.me" record, I'll support and
push it.

No matter how wonderful m= is, it can't be used until it's deployed.  If we
had a decent script, we could start doing "include:not.me" today.

Scott Kitterman
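The point made above, that a checker which does not know the proposed "m=" mask simply sees "v=spf1 ... -all", can be shown with a small evaluator. This is an added example written for this note, not code from the thread or from any SPF library; it treats "m=" as the unknown modifier that RFC 4408 tells evaluators to ignore, and the record (including the "ip4:" terms standing in for the elided "...") is a constructed sample, not rr.com's real record.

```python
import ipaddress
import re

# Constructed record modelled on the rr.com example in the thread: "m=" is the
# proposed, non-standard mask modifier, and the "ip4:" terms stand in for the
# "..." the thread elides.
RECORD_WITH_MASK = ("v=spf1 m=24.30.203/24,24.28.200/24 "
                    "ip4:24.30.203.0/24 ip4:65.24.5.0/24 -all")

MECHANISMS = {"all", "ip4", "ip6", "a", "mx", "ptr", "exists", "include"}
MODIFIER_RE = re.compile(r"^[a-zA-Z][a-zA-Z0-9_.-]*=")


def parse_terms(record):
    """Split an SPF record into (qualifier, mechanism, argument) tuples.
    name=value terms are modifiers. RFC 4408 requires an evaluator to ignore
    modifiers it does not recognise, so a checker written before "m=" existed
    silently drops it, which is the behaviour the thread describes.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF1 record")
    parsed = []
    for term in terms[1:]:
        if MODIFIER_RE.match(term):
            continue  # modifier; unknown ones are ignored, never an error
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() not in MECHANISMS:
            raise ValueError("unknown mechanism %r" % name)  # PermError
        parsed.append((qualifier, name.lower(), arg))
    return parsed


def effective_record(record):
    """Render the record as a mask-unaware checker actually sees it."""
    terms = [q.replace("+", "") + n + (":" + a if a else "")
             for q, n, a in parse_terms(record)]
    return "v=spf1 " + " ".join(terms)


def check_ip4(record, ip):
    """Evaluate only ip4 and all, which is enough for the records discussed."""
    addr = ipaddress.ip_address(ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for qualifier, name, arg in parse_terms(record):
        if name == "all" or (name == "ip4" and
                             addr in ipaddress.ip_network(arg, strict=False)):
            return results[qualifier]
    return "neutral"
```

With only the mask and "-all" in the record, every sender fails at such a checker; the "ip4:" terms are what keep legitimate mail passing until mask support is deployed.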