spf-discuss
[Top] [All Lists]

Re: [spf-discuss] Re: 99.95% of all SPF records use no macros

2008-07-25 00:15:02
Frank Ellermann wrote:
Scott Kitterman wrote:

  [not only new]
SPF applications are free to honour or ignore SPF policies
using this feature.  They could abort SPF checks with result
NONE when they see a localpart macro outside of explanations,
for example.
I would be against this. I'm not aware of any library that currently has trouble with macros.

+1, I don't think it's smart to abjure released features.

Doug's "SPF scripts take DNS down" nightmares were certainly
exaggerated.  But he had a point wrt abuse obscured by local-
part macros.  Most SPF macros are harmless, but %{l} is not.

Being local, it shouldn't harm DNSs. Correct?

I fear that no SPF implementations gets some weirder macro
cases right.  For "\"take\\that\""@example.com [...]
[...] nobody had the energy to fix this discrepancy.

Then, we shouldn't be more royalist than the king. I'd classify those as problematic local parts rather than reproach %{l}...

If these three macros (or rather six, h+l+s+H+L+S) would be
limited to explanations they'd be fine.  But this is not the
case.

Do you mean they should not affect the result?

Their use may be limited, but they are important to support
certain use cases.

For Doug's DDoS theories.  In practice see subject, less than
0.5 permille use *any* macros, if this statistics is correct.

I don't think that's correct. One should count the number of times a record has been used. However, there's no practical way to trace those calls: SPF lacks support for statistics, as well as for debugging. Should such issues be addressed in a future release?

Ale


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com