spf ent txt records.

Mark Andrews marka at isc.org
Mon Mar 18 00:59:11 UTC 2013


In message <201303180038.r2I0cWeT026399 at calcite.rhyolite.com>, Vernon Schryver writes:
> > 20741,  so direct SPF RR hits is about one third of those using TXT RR,
> > small, but, insignificant? I wouldn't really say so, but some might.  I
> > suspect the SPF wanting to be deprecated is because of the lack of
> > take-up, due to lazy admins, there are some resolvers in use from
> > ancient debian boxes that are so old, they don't understand the SPF RR,
> > yes I know, they have bigger problems than that, but, again, comes down
> > to laziness, DNS is not rocket science, I'm sure given ARM and access to
> > google, a 13yo kid could get at least the "basics" right.
> 
> Laziness?--nonsense.  Postel's Law and simple logic predict the
> deprecating of the SPF type as well as the continued practice of
> publishing only TXT records by those with rational reasons to publish
> SPF data.
> 
>  1. SMTP servers (mail receivers) that have wanted to honor SPF -all
>    been forced to look for SPF data in TXT records since the
>    beginning.  There have been far more TXT records with SPF data
>    than SPF records.  Therefore, the best course for SMTP servers
>    has been to request TXT and only request SPF if the TXT request
>    gives NODATA.  Requesting both SPF and TXT types would cost extra
>    bandwidth and raise questions about what to do if both are present
>    and differ.  Occasional differences between SPF and TXT are
>    inevitable due to caching in recursive resolvers even when the
>    authoritative server always changes both simultaneously.

Yet libspf2 requests SPF records and falls back to TXT on NODATA.
It does not do a TXT query if it gets a SPF response.
 
>  2. Rational operators of SMTP clients (mail senders) know that well
>    maintained SMTP servers understand #1 and so request TXT first or
>    request neither SPF nor TXT.
>    Publishing only SPF type records would double an SMTP client's
>    DNS costs.
>    Publishing both SPF and TXT would not help well maintained SMTP
>    servers, but cost maintenance complexity and so potential errors.
>    Therefore, it is best to publish only TXT for well maintained
>    SMTP servers.
>    Badly maintained SMTP servers are likely to only check TXT records.

The rational course would be to set a sunset date on TXT style spf
records.  April 2016 looks like a good date.  10 years after RFC
4408 was published.

> Unlike the situations with IPv6 and DNSSEC, there are only costs
> and no benefits for rational operators of SMTP clients or servers to
> change those two tactics.
> 
> Those interested in wider perspectives about SPF and TXT RRs than any
> single domain or the perceptions of SPF enthusiasts might consider the
> tables reporting surveys in RFC 6686.  One can ignore everything
> specifically about SenderID and read only about popularity of SPF and
> TXT records.  https://www.rfc-editor.org/rfc/rfc6686.txt
> 
> 
> Vernon Schryver    vjs at rhyolite.com
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
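
The two lookup orders discussed in this thread, as an added example that is not part of either message and is not libspf2's code: a stub resolver over constructed zone data reports the query count and the policy selected by a TXT-first receiver and by an SPF-first receiver. The zone names and the `lookup` and `compare` helpers are hypothetical.

```python
# Constructed zone data (name -> {rrtype: [strings]}); not real domains' records.
ZONE = {
    "txt-only.example":  {"TXT": ["v=spf1 mx -all", "unrelated verification token"]},
    "spf-only.example":  {"SPF": ["v=spf1 ip4:192.0.2.0/24 -all"]},
    "both-same.example": {"TXT": ["v=spf1 mx -all"], "SPF": ["v=spf1 mx -all"]},
    # Stale-cache case: TXT already updated, SPF still carries the old value.
    "both-differ.example": {"TXT": ["v=spf1 ip4:198.51.100.7 -all"],
                            "SPF": ["v=spf1 ip4:192.0.2.9 -all"]},
    "no-policy.example": {"A": ["192.0.2.1"]},
}

def query(name, rrtype, log):
    """Stub resolver: returns the RRset, or [] for NODATA; records each query."""
    log.append((name, rrtype))
    return ZONE.get(name, {}).get(rrtype, [])

def is_spf(text):
    # RFC 4408: the version term is exactly "v=spf1", followed by a space or the end.
    return text == "v=spf1" or text.startswith("v=spf1 ")

def lookup(name, order):
    """Query the types in `order`, moving to the next type only on NODATA.

    Returns (policy or None, number of DNS queries sent)."""
    log = []
    for rrtype in order:
        rrset = query(name, rrtype, log)
        if rrset:  # any answer of this type ends the fallback
            policies = [r for r in rrset if is_spf(r)]
            # Zero or several v=spf1 strings: no usable policy.
            return (policies[0] if len(policies) == 1 else None), len(log)
    return None, len(log)

TXT_FIRST = ("TXT", "SPF")  # receiver order described in point 1 of the quoted text
SPF_FIRST = ("SPF", "TXT")  # order the reply attributes to libspf2

def compare():
    """Run both orders over every constructed name."""
    return {n: {"txt_first": lookup(n, TXT_FIRST),
                "spf_first": lookup(n, SPF_FIRST)} for n in ZONE}

if __name__ == "__main__":
    for name, r in compare().items():
        print(f"{name:20} TXT-first={r['txt_first']}  SPF-first={r['spf_first']}")
```

A name that publishes only one type costs the receiver using the opposite order a second query, and the `both-differ.example` row shows the two orders enforcing different policies for the same sender.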


