SPF on 9.4.1 now?

Mark Andrews Mark_Andrews at isc.org
Mon May 21 15:05:35 UTC 2007


> Mark Andrews wrote:
> > 
> > 	No.  You use it *instead* of TXT record.  There is no need
> > 	to dual publish the data.  Anyone that really cares about
> > 	SPF will upgrade their clients.
> 
> As a practical matter, I must respectfully disagree.  It will be some
> time before everyone gets a chance to upgrade, and the timeout issue
> with looking up SPF from some DNS server sets (not BIND or MS
> implementations far as I can tell) is a significant issue.  This timeout
> issue could, of course, be a firewall issue...  anyway, it has a
> significant impact on high-volume (for various definitions of "high")
> mail sites.  And thus is ultimately off-topic for this list.  FIN.

	What timeout issue?  If you don't publish, the old clients
	will get a NODATA response.  There is no time out issue in
	not publishing the TXT record.

	If you have upgraded the client software it will look for
	a SPF record and only look for a TXT record if not found.
	In this case if you have a broken firewall it will time out
	regardless of whether the TXT record is there or not.

	If the lookups on the client are done in parallel then the
	client only has themselves to blame if it takes a long time.

	As a publisher you need to make sure the records you publish
	are retrievable from your systems.  The client side needs
	to make sure their systems are capable of looking up the
	records they need.

	Mark

> E.g., massivebonus.net
> 
> Regards,
> Mike
> 
> -- 
> Michael Milligan                                   -> milli at acmeps.com
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
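
Added example, not part of the original message or of BIND: a constructed model (no network access) of the lookups discussed above, comparing an old TXT-only client with an upgraded client that asks for type SPF first. The timeout and round-trip values, the names used, and the fallback to TXT after a type SPF timeout are assumptions of the model.

```python
# Constructed model of the lookups discussed in this message; no network access.
from dataclasses import dataclass

TIMEOUT_S = 5.0  # assumed per-query resolver timeout
RTT_S = 0.05     # assumed round trip for any query that gets a response

@dataclass(frozen=True)
class Zone:
    has_spf: bool              # type SPF record published
    has_txt: bool              # TXT copy of the same data published
    spf_queries_dropped: bool  # broken firewall silently drops type SPF queries

def query(zone, rrtype):
    """Return (outcome, seconds); outcome is ANSWER, NODATA or TIMEOUT."""
    if rrtype == "SPF" and zone.spf_queries_dropped:
        return "TIMEOUT", TIMEOUT_S
    present = zone.has_spf if rrtype == "SPF" else zone.has_txt
    return ("ANSWER" if present else "NODATA"), RTT_S

def old_client(zone):
    """Client that predates the SPF type: asks for TXT only."""
    return query(zone, "TXT")

def upgraded_client(zone):
    """Asks for SPF first, then TXT only if no SPF record was obtained.
    Falling back to TXT after a timeout is an assumption of this model."""
    outcome, elapsed = query(zone, "SPF")
    if outcome == "ANSWER":
        return outcome, elapsed
    txt_outcome, txt_elapsed = query(zone, "TXT")
    return txt_outcome, elapsed + txt_elapsed

def scenarios():
    """Run both clients against the publishing choices argued over above."""
    zones = {
        "spf_only": Zone(True, False, False),
        "spf_only_bad_fw": Zone(True, False, True),
        "spf_and_txt_bad_fw": Zone(True, True, True),
    }
    return {name: {"old": old_client(z), "upgraded": upgraded_client(z)}
            for name, z in zones.items()}

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

In this model the upgraded client waits out the same timeout in both firewall scenarios, whether or not the TXT copy exists, while the old client receives NODATA after one round trip when only the SPF type is published.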


