Don Lee wrote:
> The simpler we make publishing SPF, the easier it will be to drive
> adoption. Ideally there should be *one* way to do it, and it should
> be easy and straightforward. Anything that smacks of confusion or
> doubt will be an obstacle. This thread is full of FUD.
> KISS.

I have to concur. After giving my presentation on Sender ID at the recent
Exchange connections (and including the very helpful information y'all provided
on why SPF and Sender ID aren't the same thing, and why Sender ID is considered
less than optimal in many quarters), I had several people in my audience come
up to me afterward and tell me that while they'd actually prefer to use SPF
with Exchange, they found the current recommendations on TXT records vs.
type99 records to be enough of a distraction that it wasn't worth it. Many
seemed to think that they would be required to replace their DNS infrastructure.

I guess I don't understand why there's so much resistance to just using TXT
records. True, they're used for multiple purposes and that can create problems,
but there are other options to work around those problems. Being able to say,
"You can always and forevermore use SPF with your existing DNS server, no
matter what kind it is," is a win. The subtext that many people I've talked to
find in the type99 records is that one day, they're going to either have to
abandon later versions of SPF, switch to a different DNS server, or try to
force Microsoft to upgrade their product to support a record type that is only
used by a competing standard.

The more subtle problem with the way RFC4408 establishes the use of type99
records is that it explicitly allows implementers to create RFC-compliant
implementations that can fail to locate and use existing SPF records. If
publishers who use the type99 RR *should* publish both, that's the same as
saying it's optional. They can publish only type99 records, or only TXT
records, and when mail from them is received by an implementation that chooses
to only look up the other type, the standards-compliant information will be
ignored through no fault of the person publishing the policy; they made a valid
choice under the current RFC, as did the implementer.

It's probably too late to do anything about it now, but it would have been
really nice to keep type99 records as experimental; those who wished to use
them would have a specific string to include in their TXT record, directing
the implementation to look up the type99 record instead. True, this would have
caused more DNS traffic -- but only for those who opted in to testing the
type99 records. Support for the records could have been worked out and
documented, and a later version of SPF could move to type99 records entirely.
--
Devin L. Ganger, Exchange MVP Email: deving(_at_)3sharp(_dot_)com
3Sharp LLC Phone: 425.882.1032
14700 NE 95th Suite 210 Cell: 425.239.2575
Redmond, WA 98052 Fax: 425.702.8455
(e)Mail Insecurity: http://blogs.3sharp.com/blog/deving/
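
The interoperability gap described in the message above, as an added example that is not part of the original post: record selection following RFC 4408 sections 4.4 and 4.5, run over constructed zones for every combination of publisher and checker choice. The zone contents, `example.org`, and all function names are assumptions made for illustration.

```python
# Record selection per RFC 4408 sections 4.4-4.5, run against constructed
# zones held in memory; no DNS queries are made.
from itertools import product

# Constructed sample zones: (domain, rrtype) -> list of record strings.
POLICY = "v=spf1 mx -all"
ZONES = {
    "txt-only": {("example.org", "TXT"): [POLICY, "unrelated verification token"]},
    "spf-only": {("example.org", "SPF"): [POLICY]},
    "both": {("example.org", "TXT"): [POLICY], ("example.org", "SPF"): [POLICY]},
}
# Which RR types each kind of checker chooses to query (SPF = type 99).
CHECKERS = {"txt-only": ("TXT",), "spf-only": ("SPF",), "both": ("SPF", "TXT")}


def is_spf1(record):
    """Version section must be 'v=spf1', ended by a space or end of record."""
    r = record.lower()
    return r == "v=spf1" or r.startswith("v=spf1 ")


def select_record(zone, domain, rrtypes):
    """Return (result, record) using only the RR types this checker queries."""
    found = {t: [r for r in zone.get((domain, t), []) if is_spf1(r)] for t in rrtypes}
    # If any type SPF records were returned, TXT records are discarded.
    candidates = found.get("SPF") or found.get("TXT") or []
    if not candidates:
        return ("none", None)       # published policy is never seen
    if len(candidates) > 1:
        return ("permerror", None)  # more than one v=spf1 record
    return ("found", candidates[0])


def compatibility_matrix(domain="example.org"):
    """Every publisher choice against every checker choice."""
    return {
        (pub, chk): select_record(ZONES[pub], domain, CHECKERS[chk])[0]
        for pub, chk in product(ZONES, CHECKERS)
    }


if __name__ == "__main__":
    for (pub, chk), result in compatibility_matrix().items():
        print(f"publisher={pub:8} checker={chk:8} -> {result}")
```

The two `none` cells are the cases where both sides made a choice the RFC permits and the published policy is still ignored.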