spf-discuss

Re: [spf-discuss] SPF not strictly "opt-in"

2006-10-16 09:27:50
In <Pine(_dot_)LNX(_dot_)4(_dot_)44(_dot_)0610141614460(_dot_)16238-100000(_at_)bmsred(_dot_)bmsi(_dot_)com> "Stuart D. Gathman" <stuart(_at_)bmsi(_dot_)com> writes:

Here is an example of SPF adversely affecting a legitimate sender who
does not wish to participate (name changed to protect privacy):

Yes, this is somewhat of a problem.  I actually talked about this a
little on the #spf IRC channel a few weeks ago with respect to doing
both TXT and type99/SPF queries.  I voiced the opinion that until such
time that there were a non-trivial number of type99/SPF records out
there, SPF implementations should only query TXT records by default.


Ok, that said, I'm somewhat doubtful about this explanation.


$ host -t txt namechanged.org
;; connection timed out; no servers could be reached

Why don't they respond to TXT queries?  They get charged by the query 
response.  Since they don't use TXT queries, why should they pay for
the DNS service to reply "we don't have any"?

Getting timeouts on TXT records has been reported before, going back
to I think late 2003.  This was discussed on the dnsstuff.com forum a
while back, and Scott Perry mentioned that it is a known problem with
certain broken DNS proxy servers on certain firewall/NAT/router
boxes.  They run out of memory or something.  Rebooting the router
fixes the problem, but disabling the DNS proxy is the real solution.


If they were *really* concerned about DNS loads, they would publish
TXT records with a long TTL.  Or, better, locate their name servers
somewhere else where the traffic isn't a problem.  There are plenty of
folks that will do your name serving for you, some of them are even
free if you only have a few domains with not much traffic.


-wayne
