
[spf-discuss] SPF2.5 brainstorm - source + executables

2006-08-10 14:34:22
On Tue, 8 Aug 2006, Andy Bakun wrote:

> On Tue, 2006-08-08 at 21:21 +0000, Julian Mehnle wrote:
> > Instead of querying the DNS to get the list of IP addresses of valid
> > mail servers simply acquire this list from the web server instead. Given
>
> Wasn't using web servers to serve mail infrastructure records hashed out
> as a bad, or at least questionable, idea like two or three years ago?

Yeah, you think the DOS possibilities for DNS queries are bad, 
HTTP is worse.  But you could disallow anything but IPs, and simply update the
text file via a preprocessor when source documents (e.g. an include equivalent
or MX records) change.  The preprocessor would compute an expiration for the
text file.

But, libspf2 already does the above (compiles SPF records to IP lists)
for SPF.

Here is some brainstorming:

Perhaps SPF2.5 could do away with include, redirect and friends, and
define "source" records separate from "executable" records.  The
executable records would have IP addresses only, and a TTL computed
from source documents/records.  SPF2.5 checkers would only query 
"executable" records.  SPF2.5 compilers, on the other hand, would
read the source records - and source records would include text files
fetched via HTTP and v=spf1 records.

The more I think about it, the more I like that idea.  So shoot holes in
it quick before I start promoting it.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
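
A sketch of the "compiler" step brainstormed in the message above, as an added example that is not part of the original post and is not libspf2 code: it flattens a source record (with `include`, `redirect` and `a`) into an IP-only list and uses the lowest source TTL as the expiry. The zone data, the names, the choice of the minimum TTL and the lookup budget are all assumptions made for this illustration; terms that cannot be expressed as an allow-list are rejected rather than guessed at.

```python
import ipaddress

# Constructed sample "source" data: name -> (TTL in seconds, value).
TXT = {
    "example.org": (3600, "v=spf1 ip4:192.0.2.0/28 a:mail.example.org "
                          "include:_spf.esp.example -all"),
    "_spf.esp.example": (300, "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/48 ~all"),
    "loop.example": (60, "v=spf1 include:loop.example -all"),
}
A = {"mail.example.org": (900, ["203.0.113.25"])}
MAX_LOOKUPS = 10  # assumed compiler budget, mirroring the checker limit in RFC 4408


def compile_spf(domain):
    """Flatten a source record into (sorted network strings, TTL)."""
    nets, ttls, seen = set(), [], set()
    budget = [MAX_LOOKUPS]

    def spend():
        budget[0] -= 1
        if budget[0] < 0:
            raise ValueError("lookup budget exceeded")

    def walk(name):
        if name in seen:
            raise ValueError(f"include/redirect loop at {name}")
        seen.add(name)
        ttl, record = TXT[name]
        ttls.append(ttl)
        for term in record.split()[1:]:       # skip the "v=spf1" tag
            if term.lstrip("+-~?") == "all":
                continue                      # IP-only output is an allow-list
            if term[0] in "-~?":
                raise ValueError(f"cannot flatten non-pass term {term}")
            key, _, arg = term.lstrip("+").replace("=", ":", 1).partition(":")
            if key in ("ip4", "ip6"):
                nets.add(ipaddress.ip_network(arg, strict=False))
            elif key == "a":
                spend()
                a_ttl, addrs = A[arg or name]
                ttls.append(a_ttl)
                nets.update(ipaddress.ip_network(x) for x in addrs)
            elif key in ("include", "redirect"):
                spend()
                walk(arg)
            else:
                raise ValueError(f"unsupported term {term}")

    walk(domain)
    ordered = sorted(nets, key=lambda n: (n.version, n))
    return [str(n) for n in ordered], min(ttls)
```

The resulting list and TTL are what a checker would query as the "executable" record; the compiler, not the checker, pays for the recursion and is the place to enforce loop and budget limits.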
