On Fri, 4 Nov 2005, Scott Kitterman wrote:
> PTR is legal, but should be avoided if at all possible (it's virtually always
> possible).
In terms of DNS lookups, it is the same as MX. Some DNS experts have
opined that locality of reference issues make caching not work as well
for PTR. I believe them - if millions of spammers try to forge
the domain from random zombie IPs, the PTR records can't be cached.
However, the PTR records need to be looked up only once per connection,
no matter how many times you use PTR in the SPF record - vs
MX and A which need to be looked up for each occurrence.
The DNS traffic and caching is no different for PTR than MX for legitimate
(not forged) mail that comes from a small set of IPs. The PTR mechanism
is only a problem when trying to weather a Denial of Service attack.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
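
An added example, not part of the original message: a toy caching resolver (constructed model, no real DNS traffic) that counts cache misses for the first lookup of each `a`, `mx` and `ptr` term, comparing mail from a small set of IPs with forged mail from many distinct IPs. The domain `example.com`, the addresses and all function names are assumptions made for the illustration.

```python
class CountingResolver:
    """Toy caching resolver (constructed model): counts cache misses only."""

    def __init__(self):
        self.cache = set()
        self.misses = 0

    def query(self, qtype, name):
        if (qtype, name) not in self.cache:
            self.cache.add((qtype, name))
            self.misses += 1


def reverse_name(ip):
    """IPv4 address -> in-addr.arpa name used for the PTR query."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def evaluate(record, domain, client_ip, resolver):
    """Issue the first DNS query of each a/mx/ptr term; return queries issued.

    Simplification: follow-up address lookups (MX hosts, PTR name
    validation) and include/redirect are not modelled, and every term is
    evaluated (no early exit on a match).
    """
    issued, ptr_done = 0, False
    for term in record.split()[1:]:            # skip "v=spf1"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        mech = mech.partition("/")[0].lower()  # drop any CIDR suffix
        if mech in ("a", "mx"):
            resolver.query(mech.upper(), (arg or domain).partition("/")[0])
            issued += 1
        elif mech == "ptr" and not ptr_done:   # keyed on the client IP only
            resolver.query("PTR", reverse_name(client_ip))
            issued, ptr_done = issued + 1, True
    return issued


def cache_misses(record, client_ips, domain="example.com"):
    """Misses at one shared resolver cache across many connections."""
    resolver = CountingResolver()
    for ip in client_ips:
        evaluate(record, domain, ip, resolver)
    return resolver.misses


# Constructed inputs: 1000 connections each.
LEGIT = ["192.0.2.%d" % (1 + i % 4) for i in range(1000)]           # 4 sending hosts
FORGED = ["10.0.%d.%d" % (i // 256, i % 256) for i in range(1000)]  # 1000 distinct IPs
```

With `v=spf1 ptr mx -all`, the constructed legitimate traffic costs 5 cache misses in this model, while the forged traffic costs 1001, one PTR miss per distinct source address.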