On Thu, Aug 22, 2013 at 1:36 AM, Jelte Jansen <jelte.jansen@xxxxxxx> wrote:
While I appreciate the argument 'this works now, and it is used'
(running code, and all that), I am very worried that we'll end up with
what is essentially a free-form blob containing data for several
protocols at the zone apexes instead of a structured DNS.
With or without SPF, we're long past the point where worrying about that is worthwhile. Try a TXT lookup for ut.edu or banctec.com, for example.
When I did one of the surveys for RFC6686, it recorded the TXT RRs returned for various domain queries. The top ten in terms of record counts returned back then (most have been cleaned up now):
+-----------+----------------------+
| count(id) | domain |
+-----------+----------------------+
| 43 | wncy.com |
| 43 | b93radio.com |
| 43 | wtaq.com |
| 29 | dealdirectsendz.info |
| 23 | voamn.org |
| 18 | ut.edu |
| 15 | aaronline.com |
| 10 | dwgsecurity.com |
| 9 | emergogroup.com |
| 9 | banctec.com |
+-----------+----------------------+
+-----------+----------------------+
| count(id) | domain |
+-----------+----------------------+
| 43 | wncy.com |
| 43 | b93radio.com |
| 43 | wtaq.com |
| 29 | dealdirectsendz.info |
| 23 | voamn.org |
| 18 | ut.edu |
| 15 | aaronline.com |
| 10 | dwgsecurity.com |
| 9 | emergogroup.com |
| 9 | banctec.com |
+-----------+----------------------+
The top three were loaded with "google-site-verification=<hash>" records. ut.edu and banctec.com have a mix of things.
-MSK