"Frank Ellermann" opined:
Chris Haynes wrote:
The SPF policy (the IP addresses it identifies), is
time-sensitive.
DNS TTLs make this somewhat fuzzy whatever the SPF spec. says.
<snip>
I don't agree. The TTL is entirely under the control of the publisher (a.k.a.
DNS admin.). By supplying a non-zero TTL the publisher is declaring the timespan
during which the policy is valid. No fuzziness there.
If a publisher needs to change a policy at a specific time, he can wind down the
TTLs beforehand so that, at the cross-over time, there should be no cached
(previous) versions anywhere.
The fact that, in practice, many people are not going to be quite so
precise/fussy about how / when they change the SPF policy does not alter the
need to make the point that the IP and the policy valid at this same time (even
if it has been cached - so long as it's within its TTL) should be used as a
'matched pair'.
BTW, this rule I suggest does not mean that the actual SPF testing cannot be
delayed until after SMTP-time; so long as the policy is read and stored during
the 'transaction', it would be logically acceptable to undertake the actual test
at a later stage, post-SMTP. The words in my previous post were chosen very
carefully to reflect this.
Chris
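To make the 'matched pair' rule concrete, here is an added example (not code from the thread or from any SPF implementation): the policy is snapshotted at SMTP time together with the TTL it was served with, and the later check is run against that snapshot rather than a fresh lookup. Only the ip4/ip6/all mechanisms are handled, the PolicySnapshot/evaluate/check_transaction names are my own, and the sample record and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class PolicySnapshot:
    """SPF TXT record as read during the SMTP transaction, with its DNS TTL."""
    domain: str
    record: str      # e.g. "v=spf1 ip4:192.0.2.0/24 -all" (constructed sample)
    fetched_at: int  # epoch seconds when the record was fetched or taken from cache
    ttl: int         # TTL the DNS answer carried at that moment

    def valid_at(self, when: int) -> bool:
        # The publisher's TTL declares the window in which this policy is valid.
        return self.fetched_at <= when < self.fetched_at + self.ttl


QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate(snapshot: PolicySnapshot, client_ip: str) -> str:
    """Simplified SPF check: ip4/ip6/all only; include, a, mx, macros are skipped."""
    ip = ipaddress.ip_address(client_ip)
    terms = snapshot.record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qual]
        if mech in ("ip4", "ip6") and ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qual]
    return "neutral"  # no mechanism matched and no explicit 'all'


def check_transaction(snapshot: PolicySnapshot, client_ip: str, smtp_time: int) -> str:
    """Apply the matched-pair rule: the stored policy must have been within its TTL
    at SMTP time; the verdict then does not depend on when the test actually runs."""
    if not snapshot.valid_at(smtp_time):
        return "stale"  # constructed marker: policy had expired when the IP connected
    return evaluate(snapshot, client_ip)


if __name__ == "__main__":
    snap = PolicySnapshot("example.com", "v=spf1 ip4:192.0.2.0/24 -all", 1000, 300)
    # Same verdict whether the test runs at SMTP time or hours later.
    print(check_transaction(snap, "192.0.2.55", 1200))    # pass
    print(check_transaction(snap, "198.51.100.7", 1200))  # fail
    print(check_transaction(snap, "192.0.2.55", 1400))    # stale
```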