On Wed, 10 Aug 2005, wayne wrote:
I'm suggesting that the ptr: mechanism not be counted at all. While
it does require DNS lookups, the amount of DNS lookups is bounded and
therefore it doesn't make the DoS problem worse.
A smart implementation won't do the A record lookups to validate PTR
names until the name matches. So each ptr that matches will cost
one A lookup. (And with include, there can be multiple ptrs that match.)
And yes, pyspf will be a smart implemention - just for the fun of it,
even if it can't be justified performance wise :-) (But I think
avoiding all those A lookups is a win.)
But I agree that a KISS approximation is to not count PTR against limit
at all.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.