SPF on 9.4.1 now?

Sten Carlsen ccc2716 at vip.cybercity.dk
Mon May 21 22:43:38 UTC 2007



Måns Nilsson wrote:
> --On Tuesday, 22 May 2007 00.36.43 +1000 Mark Andrews
> <Mark_Andrews at isc.org> wrote:
>   
>> 	Which is a perfect reason to take the TXT records out.  If
>> 	you keep the TXT record there then there is no incentive
>> 	to upgrade / fix broken software.  People will be asking
>> 	in 10 years time "Do we still need the TXT spf record?"
>>     
>
> (I fully agree with Mark, btw)
>
> Which is why my second biggest issue with SPF is the ugly TXT hack. Ideas
> like that create hard-to-overcome ambivalence in the name/interpretation
> space. If you ever, ever contemplate to use TXT records for anything
> besides data that is going to be read by humans using dig or host, take
> notice. You will do DNS a disservice. (The largest issue is that SPF in all
> is an ugly and stupid layering violation, but that is well off-topic)
>
> *steps off soap-box*
>   
I will still recommend the path that is the only one I have really seen
work:

Make the new solution work so well that nobody wants to keep the old
one. (Yes, I know that will take a long time.)

If you remove txt-records, do you believe that will make all the people
with 8.x.x BIND servers upgrade just now? (or even 4.7)? I did not think
so, I also believe that more immediate reasons will be needed for that
to happen. All the bugs and vulnerabilities have not succeeded yet.

That means that removing them will leave us without SPF in general; mail
will survive, but with more spam accepted for human handling. Whose
interest would that be?

In general I agree that a special RR-type is far preferable to txt-RRs.

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

       "MALE BOVINE MANURE!!!" 



