spf-discuss

RE: Updating SPF type99 and TXT RR's: Simultaneity is not guaranteed.

2005-08-11 08:02:27
-----Original Message-----
From: Florian Weimer [mailto:fw(_at_)deneb(_dot_)enyo(_dot_)de]
Sent: Thursday, August 11, 2005 10:49 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Updating SPF type99 and TXT RR's: Simultaneity is not guaranteed.


* Scott Kitterman:

The key point from your paragraph is, "Starting with the set of records that
were returned by the lookup".  During the lookup you don't have to look at
both.  If you do, you have to PermError.

Okay, thanks.  This means that the receiver has some freedom.  As a
publisher of an SPF record, I have to assume that it exercises this
freedom.  Unless the requirement I quoted is dropped, I still have to
temporarily remove SPF records (or TXT records, or both) to
unambiguously express *my* policy (after all, it's the *Sender* Policy
Framework).  A temporary PermError is probably *not* what I want.

Yes.  I do not, however, see any need to remove both type SPF and type TXT.
Even with the current rules, deleting one record type should be sufficient.

I agree that something needs to change here.  Even if the receiver does
sequential lookups and only looks at the second RR type if they don't find a
record at the first, there is trouble.

There is EVEN trouble for domains that know nothing about SPF.  Stuart had
an excellent example of this a few days ago:

http://www.gossamer-threads.com/lists/spf/discuss/22901?#22901

 Consider the domain szco.com
$ host -t txt szco.com
;; no records
$ host -t type99 szco.com
;; connection timed out; no servers could be reached

Technically this is a TempError and I suppose that's true for a sufficiently
long definition of temporary (after they upgrade their DNS infrastructure
and/or firewall).

Wayne? ...

Scott K
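
The receiver freedom discussed in this message, as an added sketch that is not part of the original post: the same two zones give different results depending on which RR types a receiver queries and in what order. The function name, result labels and zone contents are constructed, and the PermError and TempError rules are assumptions taken from the thread's wording, not from a specification text.

```python
# Added illustration: how a receiver's choice of lookups changes the result.
TIMEOUT = object()  # constructed marker for "connection timed out"

def select_policy(zone, order, parallel=False):
    """Return (result, record) for a receiver that queries the RR types in
    `order`. A sequential receiver stops at the first type that has a record;
    a parallel receiver always looks at every type in `order`.
    Each zone here holds at most one record per type."""
    answers = {}
    for rrtype in order:
        answer = zone.get(rrtype, [])
        answers[rrtype] = answer
        if not parallel and answer is not TIMEOUT and answer:
            break
    found = [sorted(a) for a in answers.values() if a is not TIMEOUT and a]
    # Assumption from the thread: both types were seen and differ -> PermError.
    if len(found) == 2 and found[0] != found[1]:
        return ("PermError", None)
    if found:
        return ("Use", found[0][0])
    # Assumption from the thread: no record and a query timed out -> TempError.
    if any(a is TIMEOUT for a in answers.values()):
        return ("TempError", None)
    return ("None", None)

# Constructed zones. NO_SPF_DOMAIN mirrors the szco.com `host` output above;
# MID_UPDATE is a publisher whose two RR types are briefly out of step.
NO_SPF_DOMAIN = {"TXT": [], "SPF": TIMEOUT}
MID_UPDATE = {"SPF": ["v=spf1 mx -all"], "TXT": ["v=spf1 mx a -all"]}

if __name__ == "__main__":
    for name, zone in (("no-SPF domain", NO_SPF_DOMAIN), ("mid-update", MID_UPDATE)):
        for label, order, par in (("TXT only", ["TXT"], False),
                                  ("TXT then SPF", ["TXT", "SPF"], False),
                                  ("SPF then TXT", ["SPF", "TXT"], False),
                                  ("both in parallel", ["SPF", "TXT"], True)):
            print(f"{name:14} {label:17} -> {select_policy(zone, order, par)}")
```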

