SPF RR type

Nicholas F Miller nicholas.miller at Colorado.EDU
Thu Jun 5 16:08:11 UTC 2014 

SPF records are not going away. It is the SPF RRTYPE (99) that may or not be deprecated. The whole reason the SPF RRTYPE (99) may be deprecated is due to the fact that most email providers honor the TXT RRTYPE (16) SPF and ignore the SPF RRTYPE (99).

Your point about the delay until adoption is spot one. I am just wondering if SPF RRTYPE (99) are deprecated and if/when Bind will stop alerting on them if they are.
_________________________________________________________
Nicholas Miller, OIT, University of Colorado at Boulder




On Jun 5, 2014, at 8:34 AM, Mike Hoskins (michoski) <michoski at cisco.com> wrote:

> -----Original Message-----
> From: Nicholas F Miller <nicholas.miller at Colorado.EDU>
> Date: Thursday, June 5, 2014 at 10:25 AM
> To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
> Subject: SPF RR type
> 
>> Are SPF RR types finally dead or not? I¹ve read through rfc7208 it
>> appears that they are:
>> 
>>  "SPF records MUST be published as a DNS TXT (type 16) Resource Record
>>  (RR) [RFC1035] only.  The character content of the record is encoded
>>  as [US-ASCII].  Use of alternative DNS RR types was supported in
>>  SPF's experimental phase but has been discontinued."
>> 
>> ...but to confuse the issue rfc7208 goes on to say:
>> 
>>  "If a future update to SPF were developed that did not
>>  reuse existing SPF records, it could use the SPF RR type.  SPF's use
>>  of the TXT RR type for structured data should in no way be taken as
>>  precedent for future protocol designers.²
>> 
>> Bind-9.10.0-P1 still reports errors if you don¹t have SPF RRs defined
>> with the SPF TXT records or are not using 'check-spf ignore¹.  Should one
>> keep existing SPF RRs or remove them? Will future versions of bind stop
>> reporting errors when SPF RRs don¹t exist?
> 
> RFC 7208 is dated April 2014...  Even if/when BIND stops complaining, how
> long will it take for the Internet to align with the new standard?  :-)
> 
> Look how long BCP38's existed and how many networks don't align despite
> obvious benefits to the Internet at large.  I know it's a different ball
> of wax...but only kinda.
> 
> During such transitional periods, I suggest maintaing the old form for at
> least awhile (probably a couple years) to give the world time to update
> its configuration.  There used to be quite a few major mail providers who
> would bounce or at least flag as spam any mail from hosts not represented
> in the domain's SPF TXT record...so the choice of when to change depends
> on how much you care (or your users will complain) about misbehaved mail
> delivery.
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list