----- Original Message -----
From: "william(at)elan.net" <william(_at_)elan(_dot_)net>
Newsgroups: spf.-.sender.policy.framework.discussion
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Friday, April 01, 2005 12:48 AM
Subject: Re: [spf-discuss] Why are so many DNS requests necessary at all?
This might be translated to a SPF directive where the policy exposes a
refresh time. However, that would need to be secured with a server
overide
refresh time because you don't want a client saying "This record is good
for
X months!"
There is no need for this in SPF record (and it would be violation of
layers too since caching is for protocols). DNS has very strong caching
architecture with features that include refresh time, etc. Since SPF is
using dns, there is no need to add "refresh time" to the record, what you
need is to have SPF client use local caching dns servers and have SPF
record entered with different refresh then domain zone.
I was not suggesting of crossing the boundary. I was thinking IP (Not
domain) caching would be in SPF server itself.
If the assertion can be made:
SPF result1 = IP1 : DOMAIN1
then
SPF result1 = cache(IP1)
for any incoming domain from the same IP for a limited "quantum/resfresh"
time.
The initial SPF(domain) lookup can be used to optional define the "SPF
refresh time" for this IP.
I think this will work for a system where there is high trust, and in the
real world, the majority of sites use an email model closely resembling a
social network, hence, while DNS provides domain caching, SPF can provide
SPF result caching based on IP.
I think it is so interesting, that I am thinking to pencil it in for R&D or
not. :-)
Sincerely,
Hector Santos, CTO
Santronics Software, Inc.
http://www.santronics.com
305-431-2846 Cell
305-248-3204 Office
http://www.winserver.com/wcsap (Wildcat! Sender Authentication Protocol)
http://www.winserver.com/spamstats (WcSAP Anti-Spam Stats)