In <42F9FF89(_dot_)8DA(_at_)xyzzy(_dot_)claranet(_dot_)de> Frank Ellermann
<nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> writes:
> wayne wrote:
>
>> In general, having 100 ptr: mechanisms isn't going to
>> be worse than one.
>
> Is your implementation always "smart" with multiple
> ptr-mechanisms? In your foo, bar, baz.com example, what if
> other mechanisms stand between the ptr, and / or if the
> qualifiers are different?

libspf2 is not "smart", so 100 ptr: mechanisms cost exactly the same
number of DNS lookups as one ptr:. I don't know of an SPF
implementation that doesn't implement ptr: the "dumb" way.

> In other words, the "count to ten" concept is KISS. Do you
> really like to add a special rule "count only the first
> ptr, and do something with the p-macro if ..." [TBD]?

I'm suggesting that the ptr: mechanism not be counted at all. While
it does require DNS lookups, the amount of DNS lookups is bounded and
therefore it doesn't make the DoS problem worse.
Again, the %{p} macro variable isn't counted against the process
limits. This was somewhat intentional because I remembered in the
libspf2 code that it cost a fixed amount no matter how often it is
used. I did not remember that the same applies to ptr:.
-wayne
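
The fixed-cost behaviour described in the message above, as an added sketch that is not libspf2's code and not part of the original message. It assumes an implementation that resolves the client's validated names once per check and reuses them for every ptr: term; the resolver, DNS data, names and addresses are constructed.

```python
# Constructed DNS data for the sketch (documentation addresses and names).
PTR = {"192.0.2.10": ["mail.foo.example", "mx.bar.example"]}
A = {"mail.foo.example": ["192.0.2.10"], "mx.bar.example": ["198.51.100.7"]}

class CountingResolver:
    """Stub resolver that counts every DNS query it is asked to make."""
    def __init__(self):
        self.queries = 0
    def ptr(self, ip):
        self.queries += 1
        return PTR.get(ip, [])
    def a(self, name):
        self.queries += 1
        return A.get(name, [])

class SpfCheck:
    """One SPF check for one client IP (assumed design, see lead-in)."""
    def __init__(self, ip, resolver):
        self.ip, self.resolver, self._validated = ip, resolver, None

    def validated_names(self):
        # One PTR query plus one A query per returned name, done once.
        # The cost depends on the client's PTR names, not on the record.
        if self._validated is None:
            names = self.resolver.ptr(self.ip)
            self._validated = [n for n in names if self.ip in self.resolver.a(n)]
        return self._validated

    def match_ptr(self, target):
        target = target.lower().rstrip(".")
        return any(n == target or n.endswith("." + target)
                   for n in self.validated_names())

def evaluate(record, ip):
    """Return (matching ptr target or None, DNS queries, ptr terms evaluated)."""
    resolver = CountingResolver()
    check = SpfCheck(ip, resolver)
    evaluated = 0
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        mech = term.lstrip("+-~?")           # the qualifier does not change cost
        if mech.startswith("ptr:"):
            evaluated += 1
            if check.match_ptr(mech[4:]):    # evaluation stops at first match
                return mech[4:], resolver.queries, evaluated
    return None, resolver.queries, evaluated

ONE = "v=spf1 ptr:baz.example -all"
MANY = ("v=spf1 " + " ".join(f"ptr:d{i}.example" for i in range(99))
        + " ?ptr:foo.example -all")
```

Both records cost the same three queries for this client, so a counter that charges each ptr: term against a limit of ten would reject `MANY` without saving any DNS traffic.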