spf-discuss

Re: [spf-discuss] Re: [Fwd: Re: DNSOP Agenda for San Diego (IETF 67)]

2006-10-31 21:56:53
On Tuesday 31 October 2006 23:47, Frank Ellermann wrote:

> To damp Doug's attack without counting bytes (shudder) maybe a total
> limit of about 40 queries (10 mechanisms + 30 names) would do, or is
> that too liberal / too conservative?

I think that's on the right track.

The problem as I understand it is that some IP addresses on shared hosts have 
huge numbers of PTR records.  The number of names returned with PTR is 
generally beyond the control of the domain owner unless they have exclusive 
use of the IP (which isn't what we are talking about here).

I'd be tempted to go for something like that, but I think you have to process 
MX before PTR if they count against the same limit.  This would add to why 
PTR is unreliable.  

I'd be more inclined to set the MX limit to 20 total for all MX mechanisms and 
just leave PTR at one (don't use PTR unless the IP only has one name 
associated and it's the one you want).

Dunno.  We have a while to think about it.

Scott K
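
The two budgets discussed in this message, sketched as a query counter. This is an added example, not code from the thread or from any SPF implementation. The evaluation model (one query per DNS mechanism plus one address query per returned name, stopping when a budget runs out), the policy names and all zone data are assumptions.

```python
# Constructed model of the two lookup budgets discussed above.
# Policy names, zone data and stop-on-exhaustion behaviour are assumptions.
DNS_MECHS = ("a", "mx", "ptr", "include", "exists")

def dns_cost(mechanisms, mx_hosts, ptr_names, policy):
    """Return (queries_issued, mechanism_that_exhausted_a_budget_or_None).

    policy "shared40":  10 mechanisms + 30 names, MX and PTR share the names
    policy "mx20_ptr1": 10 mechanisms, 20 MX names in total, PTR used only
                        when the connecting IP has exactly one name
    """
    queries = mech_used = names_used = mx_used = 0
    for mech in mechanisms:
        kind, _, domain = mech.partition(":")
        if kind not in DNS_MECHS:
            continue                      # ip4, ip6, all: no DNS traffic
        mech_used += 1
        if mech_used > 10:
            return queries, mech
        queries += 1                      # the MX / PTR / A / TXT query itself
        if kind == "mx":
            names = mx_hosts.get(domain, [])
        elif kind == "ptr":
            names = ptr_names
            if policy == "mx20_ptr1" and len(names) != 1:
                continue                  # multi-name IP: PTR is not followed
        else:
            continue
        for _ in names:                   # one address query per returned name
            if policy == "shared40":
                names_used += 1
                over = names_used > 30
            else:
                mx_used += 1 if kind == "mx" else 0
                over = mx_used > 20
            if over:
                return queries, mech
            queries += 1
    return queries, None

# Constructed data: a shared-host IP with 200 PTR names, a domain with 2 MX hosts.
MX = {"example.org": ["mx1.example.org", "mx2.example.org"]}
SHARED_PTR = [f"site{i}.example.net" for i in range(200)]
PTR_FIRST = ["ptr", "mx:example.org", "-all"]
MX_FIRST = ["mx:example.org", "ptr", "-all"]

if __name__ == "__main__":
    for policy in ("shared40", "mx20_ptr1"):
        for record in (PTR_FIRST, MX_FIRST):
            print(policy, record, dns_cost(record, MX, SHARED_PTR, policy))
```

With the shared pool, the record that lists `ptr` first spends the whole name budget on the shared host's PTR names and never reaches `mx`, which is the ordering problem raised above.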
