On Tuesday 31 October 2006 23:47, Frank Ellermann wrote:
> To damp Doug's attack without counting bytes (shudder) maybe a total
> limit of about 40 queries (10 mechanisms + 30 names) would do, or is
> that too liberal / too conservative ?

I think that's on the right track.

The problem as I understand it is that some IP addresses on shared hosts have
huge numbers of PTR records. The number of names returned with PTR is
generally beyond the control of the domain owner unless they have exclusive
use of the IP (which isn't what we are talking about here).

I'd be tempted to go for something like that, but I think you have to process
MX before PTR if they count against the same limit. This would add to why
PTR is unreliable.

I'd be more inclined to set the MX limit to 20 total for all MX mechanisms and
just leave PTR at one (don't use PTR unless the IP only has one name
associated and it's the one you want).

Dunno. We have a while to think about it.

Scott K
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
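
The two limit schemes and the MX-before-PTR ordering concern from the message above, as an added example that is not part of the original post or of any SPF implementation. It only counts lookups over a constructed mechanism list (no DNS is queried); the function names, the `mx_first` switch and the sample counts are assumptions.

```python
# Added example: lookup counting only, over a constructed mechanism list (no DNS).
# Each entry is (mechanism, names_returned): for mx, the number of MX hosts;
# for ptr, the number of PTR names on the connecting IP. All values are constructed.
SAMPLE = [("ptr", 200), ("mx", 5), ("mx", 8)]  # shared-host IP with 200 PTR names


def shared_pool(mechs, mech_limit=10, name_limit=30, mx_first=False):
    """10 mechanisms + 30 names, with mx and ptr drawing on the same 30 names."""
    mechs = list(mechs)[:mech_limit]
    if mx_first:
        # Stable sort: mx mechanisms are charged before ptr (hypothetical switch).
        mechs.sort(key=lambda m: m[0] != "mx")
    left, followed = name_limit, {"mx": 0, "ptr": 0}
    for kind, names in mechs:
        if kind in followed:
            take = min(names, left)  # names beyond the pool are never looked up
            left -= take
            followed[kind] += take
    return followed


def separate_pools(mechs, mx_limit=20):
    """MX capped at 20 names across all mx mechanisms; ptr only if one name."""
    mx_left, followed = mx_limit, {"mx": 0, "ptr": 0}
    for kind, names in mechs:
        if kind == "mx":
            take = min(names, mx_left)
            mx_left -= take
            followed["mx"] += take
        elif kind == "ptr" and names == 1:
            followed["ptr"] += 1  # single PTR name: cheap enough to check
    return followed


if __name__ == "__main__":
    print("shared, record order:", shared_pool(SAMPLE))
    print("shared, mx first:    ", shared_pool(SAMPLE, mx_first=True))
    print("separate pools:      ", separate_pools(SAMPLE))
```

In record order the 200-name PTR answer uses up the whole shared pool and no MX host is looked up. Charging mx first, or keeping separate pools, leaves all 13 MX names checked.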