spf-discuss

Re: [spf-discuss] Is this SPF record valid

2006-05-04 15:50:11
On Thu, May 04, 2006 at 06:28:55PM -0400, Terry Fielder wrote:

> Unless the IP actually DOES can change for the mail server, read on...

[...]

> It can be an indication that the domain owner recognizes that:
> 1) currently the IP for their mail server is static, so they can save
> you a DNS lookup by giving an IP ref
> 2) the IP for their mail server might change e.g. in an ISP outage and
> they cutover the mail server to their redundant connection

So for a remote possibility that may happen in a distant future,
thousands of mail receivers are asked to waste resources?

If they are switching over to a redundant connection this means they
are going to alter their A records into something else; why not alter
the SPF record at that moment as well?

Caching is a real issue here.  The scenario:

1: I receive mail from them.  I look up their A records.
2: something bad happens, they switch over to their alternate connection.
3: I receive mail from them.  I use the cached records pointing to
   the previous (now wrong) location and reject their mail.

If they want to have a minimum amount of problems at switch over time,
their A record must NOT be in my cache so it must not be in their record.

Even then, I am probably going to use my cached copy of their TXT record
and things are not what they expect.

The solution: have the ip address(es) of their redundant connection in
the record as well.  Most likely something like "ip4:192.0.2.0/24" but
change the ip address range to something appropriate.

Alex
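
The caching scenario from the message above, as an added example that is not part of the original post: a toy receiver-side resolver with TTL caching and an evaluator for only the `a`, `ip4` and `-all` terms. The domain example.org, the primary address 198.51.100.10, the TTLs and the timings are constructed assumptions; 192.0.2.0/24 is the range quoted in the message.

```python
import ipaddress

class CachingResolver:
    """Receiver-side DNS cache: an answer is reused until its TTL expires."""
    def __init__(self, zone):
        self.zone = zone    # authoritative data: {(name, rtype): (value, ttl)}
        self.cache = {}     # receiver cache:     {(name, rtype): (value, expires_at)}

    def lookup(self, name, rtype, now):
        hit = self.cache.get((name, rtype))
        if hit and now < hit[1]:
            return hit[0]                       # possibly stale cached answer
        value, ttl = self.zone[(name, rtype)]
        self.cache[(name, rtype)] = (value, now + ttl)
        return value

def check_spf(resolver, domain, sender_ip, now):
    """Evaluate only the ip4, a and -all terms of the domain's SPF record."""
    ip = ipaddress.ip_address(sender_ip)
    for term in resolver.lookup(domain, "TXT", now).split()[1:]:
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:]):
            return "pass"
        if term == "a" and sender_ip in resolver.lookup(domain, "A", now):
            return "pass"
        if term == "-all":
            return "fail"
    return "neutral"

def simulate(spf_record):
    """Mail at t=0, failover at t=60, mail at t=120 and again after the TTL."""
    primary, backup = "198.51.100.10", "192.0.2.25"   # constructed addresses
    zone = {("example.org", "TXT"): (spf_record, 3600),
            ("example.org", "A"): ([primary], 3600)}
    resolver = CachingResolver(zone)
    before = check_spf(resolver, "example.org", primary, now=0)
    # Failover: the owner repoints the A record; the SPF text is left unchanged.
    zone[("example.org", "A")] = ([backup], 3600)
    after = check_spf(resolver, "example.org", backup, now=120)
    after_expiry = check_spf(resolver, "example.org", backup, now=3700)
    return before, after, after_expiry

if __name__ == "__main__":
    for record in ("v=spf1 a -all",
                   "v=spf1 ip4:198.51.100.10 ip4:192.0.2.0/24 -all"):
        print(record, "->", simulate(record))
```

With the `a` mechanism the mail sent right after the failover is rejected until the cached A record expires; with both ranges listed as `ip4` terms, the receiver's cached TXT record already covers the backup connection.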
