spf-discuss

Re: Re: possible changes to the SPF I-D during AUTH48

2005-08-19 21:52:45
In <Pine(_dot_)LNX(_dot_)4(_dot_)44(_dot_)0508192316160(_dot_)9901-100000(_at_)bmsred(_dot_)bmsi(_dot_)com> "Stuart D. Gathman" <stuart(_at_)bmsi(_dot_)com> writes:

On Fri, 19 Aug 2005, wayne wrote:

So you are suggesting that receivers follow CNAME chains to any
implementation determined length?

That is my suggestion, yes.

So is my current limit of 10 ok?  Or should I up it to something like
how many CNAMES might fit in 1 UDP packet (which is what limits 
a typical implementation - I figure about 40)?

My knee-jerk reaction is 10 is fine, and really, I have a hard time
justifying more than 3 or 4.  (Your chain letter example doesn't sound
very plausible to me.  I think people will just pass along the SPF
record text instead.  I suspect that there are a lot of people who
don't know that there are any DNS records besides A and MX, and TXT is
new enough for them.)


My do-things-right reaction is that we should check to see what
various resolvers do.  If most of them abort after only, say, 2
CNAMEs, then I think we would be safe to do likewise.  If they do 100
CNAMEs, well, maybe I'm missing a good reason why we should allow that
many CNAMEs in a chain.


-wayne
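
The limit discussed in this message, as an added example that is not part of the original post or of any SPF implementation's code: a lookup that follows CNAMEs up to a fixed depth and also stops on loops, so a hostile or broken zone cannot make the receiver chase records indefinitely. The zone is a constructed in-memory dictionary, and `resolve_txt`, `build_chain` and `CnameChainError` are hypothetical names.

```python
# Added illustration: bounded CNAME-chain following over a constructed,
# in-memory zone (no network access). All names here are hypothetical.

MAX_CNAME_DEPTH = 10  # the limit of 10 mentioned in the thread


class CnameChainError(Exception):
    """Chain was too long or looped; the caller treats the lookup as failed."""


def resolve_txt(name, zone, max_depth=MAX_CNAME_DEPTH):
    """Return (txt_records, cnames_followed) for `name`.

    `zone` maps lowercase owner names to {"CNAME": target} or {"TXT": [...]}.
    Raises CnameChainError if more than `max_depth` CNAMEs would have to be
    followed, or if the chain revisits a name it has already seen.
    """
    seen = set()
    current = name.lower().rstrip(".")
    followed = 0
    while True:
        if current in seen:
            raise CnameChainError(f"CNAME loop at {current}")
        seen.add(current)
        rrset = zone.get(current, {})
        if "CNAME" not in rrset:
            # End of chain: return whatever TXT data exists (possibly none).
            return rrset.get("TXT", []), followed
        if followed >= max_depth:
            raise CnameChainError(f"more than {max_depth} CNAMEs from {name}")
        current = rrset["CNAME"].lower().rstrip(".")
        followed += 1


def build_chain(length, txt):
    """Constructed sample zone: hop0 -> hop1 -> ... -> hop<length> (TXT)."""
    zone = {f"hop{i}.example": {"CNAME": f"hop{i + 1}.example"}
            for i in range(length)}
    zone[f"hop{length}.example"] = {"TXT": [txt]}
    return zone


if __name__ == "__main__":
    for n in (3, 10, 11):
        try:
            print(n, resolve_txt("hop0.example", build_chain(n, "v=spf1 -all")))
        except CnameChainError as exc:
            print(n, "rejected:", exc)
```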