
[spf-discuss] Re: PermError: Too many DNS lookups at Microsoft.com

2006-05-06 14:36:32

Scott Kitterman wrote:
> Julian Mehnle wrote:
> > Scott Kitterman wrote:
> > > The 10 lookup limit is a MUST in RFC 4408.  Do it however you want,
> > > but don't claim to have implemented the RFC if you do it differently.
> >
> > Well, it's the receiver's choice whether they want to subject
> > themselves to DoS attacks.  No need to call them incompliant for that.
> > They can't blame SPF then, however.
>
> I'm going to have to disagree with you here...  4408 says:
>
> "... SPF implementations MUST limit the number of mechanisms and
> modifiers that do DNS lookups to at most 10 per SPF check ... If this
> number is exceeded during a check, a PermError MUST be returned."
>
> Those two MUSTs are there for a reason.  A record is either valid or
> not.  We can't have sort of, sometimes valid records.  Skipping MUSTs in
> an RFC means you haven't implemented the RFC.

You are right.  We _should_ care whether receivers ignore the processing 
limit, because it makes invalid records appear valid.  The more receivers 
ignore the processing limit, the more domain owners will think that it 
generally doesn't apply.

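The processing limit debated in this thread, as an added example that is not part of the original post or of any SPF implementation: a Python counter for DNS-querying terms that shows the same record ending in PermError when the limit is enforced and appearing to evaluate when it is ignored. The RECORDS table, its placeholder domains, the function names and the loop guard are assumptions of this example, and the count is the worst case in which no mechanism matches early.

```python
import re

MAX_LOOKUPS = 10  # RFC 4408: at most 10 DNS-querying terms per SPF check
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}
TERM = re.compile(r"([A-Za-z][A-Za-z0-9._-]*)([:=/]?)(.*)")

# Constructed records standing in for DNS TXT answers (placeholder domains).
RECORDS = {
    "sender.example": "v=spf1 a mx include:a.sender.example include:b.sender.example -all",
    "a.sender.example": "v=spf1 include:m1.example include:m2.example include:m3.example ~all",
    "b.sender.example": "v=spf1 mx:relay.example exists:%{i}.bl.example include:m4.example ~all",
    "m1.example": "v=spf1 a mx ip4:192.0.2.0/24 ~all",
    "m2.example": "v=spf1 ip4:198.51.100.0/24 ~all",
    "m3.example": "v=spf1 mx ~all",
    "m4.example": "v=spf1 ip6:2001:db8::/32 ~all",
}

class PermError(Exception):
    """The check must end in PermError."""

def count_lookups(domain, records, enforce=True, used=0, chain=()):
    """Count DNS-querying terms for `domain`, following include and redirect,
    in the worst case where no mechanism matches early."""
    if domain in chain:  # guard added by this example so enforce=False terminates
        raise PermError(f"include/redirect loop at {domain}")
    terms = records.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        raise PermError(f"no SPF record at {domain}")
    for term in terms[1:]:
        m = TERM.match(term.lstrip("+-~?"))
        if m is None:
            raise PermError(f"syntax error in {term!r}")
        name, sep, arg = m.group(1).lower(), m.group(2), m.group(3)
        is_redirect = sep == "=" and name == "redirect"
        if not is_redirect and (sep == "=" or name not in LOOKUP_MECHS):
            continue  # ip4, ip6, all, exp= and other modifiers cost no lookup
        used += 1
        if enforce and used > MAX_LOOKUPS:
            raise PermError(f"more than {MAX_LOOKUPS} DNS lookups")
        if name in ("include", "redirect"):
            used = count_lookups(arg, records, enforce, used, chain + (domain,))
    return used

def verdict(domain, records, enforce=True):
    try:
        return f"evaluated, {count_lookups(domain, records, enforce)} lookups"
    except PermError as exc:
        return f"PermError: {exc}"
```

Calling verdict("sender.example", RECORDS) with and without enforce=False shows the divergence: a domain owner testing only against the lenient receiver would never learn the record is invalid.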
