Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bis-19.txt> (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard

On Wednesday, August 21, 2013 23:32:33 Mark Andrews wrote:
> I object to the removal of the SPF record.

This is not a shock.  You were in the rough when we discussed it in the WG 
too.

> Name servers already have access controls down to the granularity
> of TYPE.  If this draft proceeds as currently described it is forcing
> name server vendors to access controls at the sub TYPE granularity.

It's primarily an issue for applications.  To the DNS, it's exactly what it 
is, a TXT record.

> With SPF lookup first I can specify the SPF policy using SPF and
> leave TXT free for other uses without having to worry about the
> records being misinterpreted.

Unless you have some specific reason to be concerned about accidentally 
starting an unrelated TXT record with "v=spf1 ", I can't imagine you don't 
have more important things to worry about.  This being a "problem" is a great 
theory, but it just doesn't happen in practice.

> SPF validators MUST NOT proceed to a TXT lookup on SERVFAIL for SPF.
> This is similar to not proceeding to A/AAAA lookups on MX lookup
> failures.

Except that it's quite common for a SERVFAIL on TYPESPF to occur for a domain 
that has an actual SPF record due to various operational issues.  SERVFAIL on 
type SPF doesn't reliably tell you anything about what a type TXT lookup would 
produce.  So it's similar, but only superficially so.

> I would also suggest that there be a sunset date published for the
> use of TXT for SPF.

Do you also suggest creation of an Internet police force to enforce this?  
What would be the mandatory minimum sentence?

Scott K
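
Added example, not part of the original message or of the draft: a sketch of how a validator picks the SPF policy out of a shared TXT RRset, following the record selection rule of the published SPF specification (RFC 7208, section 4.5). The function name, the result label "found" and the sample records are assumptions made for illustration.

```python
def select_spf_record(txt_rrset):
    """Pick the SPF policy out of a TXT RRset.

    txt_rrset: list of TXT records, each a list of byte strings (the
    character-strings of one record). Returns (result, record_text) where
    result is "none", "permerror" or "found" ("found" is a label used only
    in this example for "hand the record to evaluation").
    """
    candidates = []
    for strings in txt_rrset:
        # Character-strings of one record are joined with no separator added.
        text = b"".join(strings).decode("latin-1")
        # The version section must be exactly "v=spf1", terminated by a
        # space or by the end of the record. ABNF literals match
        # case-insensitively, so "V=SPF1" is accepted as well.
        if text[:6].lower() == "v=spf1" and (len(text) == 6 or text[6] == " "):
            candidates.append(text)
    if not candidates:
        return ("none", None)       # no SPF policy published
    if len(candidates) > 1:
        return ("permerror", None)  # more than one SPF record is an error
    return ("found", candidates[0])


# Constructed sample RRset: two unrelated TXT records and one SPF record
# that is split across two character-strings.
SAMPLE_RRSET = [
    [b"google-site-verification=CONSTRUCTED-TOKEN"],
    [b"v=spf10 mx -all"],                      # not SPF: version is not exactly v=spf1
    [b"v=spf1 ip4:192.0.2.0/24", b" -all"],
]

if __name__ == "__main__":
    print(select_spf_record(SAMPLE_RRSET))
    print(select_spf_record(SAMPLE_RRSET + [[b"v=spf1 -all"]]))
```
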
