spf-discuss

Re: DNS Loading Comparison

2005-04-14 12:47:21
On Thu, 14 Apr 2005, David MacQuigg wrote:

If I had to choose right now between SPF and CSV for a final standard, I 
would slightly favor CSV.  This is based on my current understanding of the 
DNS loading problem.  That understanding is incomplete, partly because it 
is difficult to get either side to drop the dogma and talk objectively 
about the potential for abuse.

On a first reading of the CSV standard, it looks like they are
authenticating the HELO identity.  That is great, but comparing
the cost of HELO validation to the cost of MAIL FROM validation is
comparing apples to oranges.  If you publish SPF records for 
HELO identities only, then there will be 1 A or IP4 mechanism
in the SPF record - one query per authentication, just like the
CSV standard.  The extra cost and complexity comes when validating 
MAIL FROM.

The only advantage I can see to CSV over SPF for HELO validation is that
using SRV instead of TXT seems a little cleaner.  However, if you are
going to validate both HELO and MAIL FROM, it is nice to stick with one
standard.

Currently, I consider a HELO name validated if there is an A record
for it with a matching IP.  There are so few MTAs that even get that
right...

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
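
Added example, not part of the original message and not code from any SPF or CSV implementation: a simplified SPF evaluator over a constructed in-memory zone that counts DNS queries, comparing the A-record HELO check and a HELO-only SPF record with a MAIL FROM policy that uses `mx` and `include`. All names, addresses and records are assumptions chosen for illustration.

```python
import ipaddress

# Constructed zone: example.com names and RFC 5737 addresses, not data from the thread.
ZONE = {
    ("mx1.example.com", "A"): ["192.0.2.25"],
    ("mx1.example.com", "TXT"): ["v=spf1 ip4:192.0.2.25 -all"],   # HELO-only policy
    ("example.com", "TXT"): ["v=spf1 mx include:_spf.example.net -all"],  # MAIL FROM policy
    ("example.com", "MX"): ["mx1.example.com"],
    ("_spf.example.net", "TXT"): ["v=spf1 ip4:198.51.100.0/24 -all"],
}

def lookup(log, name, rtype):
    """Stub resolver over ZONE; appends each query to log so it can be counted."""
    log.append((name, rtype))
    return ZONE.get((name.lower(), rtype), [])

def helo_a_check(log, helo, ip):
    """HELO name is treated as validated if it has an A record equal to the client IP."""
    return ip in lookup(log, helo, "A")

def spf_check(log, domain, ip, depth=0):
    """Simplified SPF subset: ip4, a, mx, include, all (no macros, redirect or CIDR on a/mx)."""
    if depth > 10:  # stop include loops
        return "permerror"
    records = [t for t in lookup(log, domain, "TXT") if t.startswith("v=spf1")]
    if not records:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qual = {"-": "fail", "~": "softfail", "?": "neutral"}.get(term[0], "pass")
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech == "all":
            return qual
        hit = False
        if mech == "ip4":
            hit = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            hit = ip in lookup(log, arg or domain, "A")
        elif mech == "mx":
            hit = any(ip in lookup(log, h, "A") for h in lookup(log, arg or domain, "MX"))
        elif mech == "include":
            hit = spf_check(log, arg, ip, depth + 1) == "pass"
        if hit:
            return qual
    return "neutral"

def cost(check, *args):  # returns (result, number of DNS queries issued)
    log = []
    return check(log, *args), len(log)
```

With this zone, both HELO checks cost one query, while the MAIL FROM policy costs four (TXT, MX, A, and the included TXT) before it reaches a verdict.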

