
Re: [spf-discuss] Utility to expand SPF record into list of IPs?

2008-03-06 09:39:14
On Thu, 6 Mar 2008, Peter Bowyer wrote:

> > Anyway, I'm looking for a utility that would allow me to query the SPF
> > record for a given domain, and then expand that SPF record into a list of
> > IPs - and I need to be able to do this programmatically.  Kind of a strange
> > request, I know, but I need this ability for a kludge resolution of an
> > issue that is outside the interests of this list.

> Unfortunately that's only possible for a partial set of SPF mechanisms - you
> couldn't translate (eg) ptr and exists mechanisms into lists of
> IPs.

Not a list of IPs, but any SPF record is a map of (mailfrom,ip) pairs to
SPF results.  As a thought experiment, you could evaluate the SPF record for 
all 4 billion ips and cache the resulting map under the mailfrom with
a TTL that is the minimum of all TTLs encountered.

Generating the map can be done much more efficiently, however.

EXISTS - depends on which macros are used.  If ip macros are not used, result
applies to all ips.  If ip macro is used, you probably don't want to 
query the poor exists server for all possible ips, so use lazy evaluation.
Many ips will never hit the exists, so the lazy evaluation would only
be included for ips that need it.

PTR - PTR matches must be validated, so you can start with a name.  While we
can't guess *all* the names that might end in the target, we can guess a few,
like the target itself and the mailfrom, and any other matching domains
mentioned during compiling.  Add any hits as ip4 mechanisms in front of the
ptr.

Because of the need for lazy evaluation, our system will "compile"
an SPF record to one with mostly IP4 mechanisms, plus a TTL.  The 
ip4 mechanisms can have a compact binary representation in the cache.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
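
The "compile" step described in the message above, as an added Python example (not code from the post or from the author's system): it turns an SPF record into mostly ip4 entries plus the minimum TTL, and leaves IP-dependent mechanisms as lazy entries. Assumptions: the zone data is constructed, the names `compile_spf` and `check` are hypothetical, `include`, `redirect` and `ip6` are omitted, and any macro other than `%{d}` is conservatively treated as needing lazy evaluation.

```python
from ipaddress import ip_address, ip_network

# Constructed zone standing in for DNS: (name, type) -> (ttl, values).
ZONE = {
    ("example.test", "TXT"): (3600, ["v=spf1 ip4:192.0.2.0/24 a mx "
                                     "exists:%{ir}.bl.example.test ptr -all"]),
    ("example.test", "A"): (300, ["198.51.100.10"]),
    ("example.test", "MX"): (1800, ["mail.example.test"]),
    ("mail.example.test", "A"): (600, ["198.51.100.25"]),
    ("10.100.51.198.in-addr.arpa", "PTR"): (900, ["example.test"]),
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def compile_spf(domain, zone=ZONE):   # -> (entries, minimum TTL seen)
    ttls, out = [], []
    def q(name, rtype):               # stub lookup that records every TTL
        ttl, vals = zone.get((name, rtype), (float("inf"), []))
        ttls.append(ttl)
        return vals
    def hosts(names, qual):           # A records become /32 ip4 entries
        out.extend(("ip4", qual, ip_network(ip)) for n in names for ip in q(n, "A"))
    for term in q(domain, "TXT")[0].split()[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in RESULT else ("+", term)
        name, _, arg = mech.partition(":")
        dom = arg or domain           # target domain for a, mx and ptr
        if name == "all": name, arg = "ip4", "0.0.0.0/0"
        if name == "ip4":
            out.append(("ip4", qual, ip_network(arg)))
        elif name in ("a", "mx"):
            hosts(q(dom, "MX") if name == "mx" else [dom], qual)
        elif name == "exists":
            target = arg.replace("%{d}", domain)
            if "%{" in target:        # depends on the client IP: keep it lazy
                out.append(("lazy", qual, term))
            elif q(target, "A"):      # IP-independent hit applies to all IPs
                out.append(("ip4", qual, ip_network("0.0.0.0/0")))
        elif name == "ptr":           # guess the target name, keep validated hits
            for ip in q(dom, "A"):
                rev = ip_address(ip).reverse_pointer
                if any(("." + p).endswith("." + dom) for p in q(rev, "PTR")):
                    out.append(("ip4", qual, ip_network(ip)))
            out.append(("lazy", qual, term))  # unguessed names still need DNS
    return out, min(ttls)

def check(entries, ip):               # first match wins, as in SPF evaluation
    for kind, qual, val in entries:
        if kind == "lazy" or ip_address(ip) in val:
            return "lazy:" + val if kind == "lazy" else RESULT[qual]
    return "neutral"
```

An address covered by an earlier ip4 entry is answered from the cache alone; only addresses that fall through to a lazy entry require a live query.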
