On Tue, Oct 31, 2006 at 10:42:14AM -0600, wayne wrote:
Let's face it. Waiting for the type99 record was good, but also
allowing txt records (and worse: promoting to use TXT records)
may have been a mistake.
I publish and check type99 records - and encourage others to do the same.
I agree that encouraging the publication of TYPE99/SPF records is
probably useful, but I'm not at all convinced that checking for them
is a good idea.
Or, at least checking for both is probably a bad idea, especially if
you are doing those checks on include: mechanisms. That just makes
the DoS problem worse, not better.
Why?
If a type99 SPF record is found, don't even start looking for TXT.
Until such time as there is a non-trivial number of TYPE99/SPF
records, I think that checking for them is at least mildly abusive.
But looking for SPF, which has its own record type, should cause
a transfer of all TXT records eventhough there is a type99 record
available? I could argue that this would be mildly abusive.
What's the point in publishing type SPF if the majority of all
clients is going to fetch TXT records anyway?
Alex
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com