SPF RR type

Kevin Darcy kcd at chrysler.com
Thu Jun 5 16:18:14 UTC 2014 

On 6/5/2014 10:34 AM, Mike Hoskins (michoski) wrote:
> -----Original Message-----
> From: Nicholas F Miller <nicholas.miller at Colorado.EDU>
> Date: Thursday, June 5, 2014 at 10:25 AM
> To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
> Subject: SPF RR type
>
>> Are SPF RR types finally dead or not? I¹ve read through rfc7208 it
>> appears that they are:
>>
>>    "SPF records MUST be published as a DNS TXT (type 16) Resource Record
>>    (RR) [RFC1035] only.  The character content of the record is encoded
>>    as [US-ASCII].  Use of alternative DNS RR types was supported in
>>    SPF's experimental phase but has been discontinued."
>>
>> ...but to confuse the issue rfc7208 goes on to say:
>>
>>    "If a future update to SPF were developed that did not
>>    reuse existing SPF records, it could use the SPF RR type.  SPF's use
>>    of the TXT RR type for structured data should in no way be taken as
>>    precedent for future protocol designers.²
>>
>> Bind-9.10.0-P1 still reports errors if you don¹t have SPF RRs defined
>> with the SPF TXT records or are not using 'check-spf ignore¹.  Should one
>> keep existing SPF RRs or remove them? Will future versions of bind stop
>> reporting errors when SPF RRs don¹t exist?
> RFC 7208 is dated April 2014...  Even if/when BIND stops complaining, how
> long will it take for the Internet to align with the new standard?  :-)
>
> Look how long BCP38's existed and how many networks don't align despite
> obvious benefits to the Internet at large.  I know it's a different ball
> of wax...but only kinda.
>
> During such transitional periods, I suggest maintaing the old form for at
> least awhile (probably a couple years) to give the world time to update
> its configuration.  There used to be quite a few major mail providers who
> would bounce or at least flag as spam any mail from hosts not represented
> in the domain's SPF TXT record...so the choice of when to change depends
> on how much you care (or your users will complain) about misbehaved mail
> delivery.

Given the heated and bitter debates over the SPF record type (see 
http://www.ietf.org/mail-archive/web/dnsext/current/maillist.html, 
search "SPF", around August of last year), I'm thinking that "a couple 
years" probably translates into "indefinitely" or even "never".

Some people seem to think the role of the IETF is merely to passively 
document terrible designs and/or implementations...

                                                             - Kevin

More information about the bind-users mailing list