Comment Re:SPF is well marketed.... (Score 4, Insightful) 214
# Its parsing is too complex
Complex or not, it's working just fine with quite an array of software.
# No sane firewall is going to let TXT records through
A firewall would need to examine the contents of packets to differentiate a TXT record from a, say, A record or cname. Comparable wizardry is already being performed by mail servers worldwide, on a vast scale:
[smegma@cartman smegma]$ host -t txt 84.137.116.38.sbl.spamhaus.org
84.137.116.38.sbl.spamhaus.org text "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL17 101"
# No sane firewall is going to let TCP DNS packets through
SPF does not rely on anything that every other app using DNS doesn't. Also see above.
# The parsing can loop forever
In a horribly written parser perhaps. The same could be said about IRC clients, Web Browsers and just about any application out there.
# It will increase DNS scanning as spammers hunt for broken SPF records
DNS is quite efficient. Unlike RBLs, SPF will work just fine with traditional SOA settings, so cache hits will be plentiful.
# It's too complex to be implemented inside the MTA where it needs to be done
Just where do you think it's already being implemented?
# It can't be properly parsed in sendmail
It is already being used with all popular MTAs, including sendmail, postfix, qmail, exim, courier and ms exchange.
# ISO 8839 8859 59-15 utf-8 issues for domain names may kill some dns servers
Huh?
Parsing complexity might become a bit of a concern with the advent of XML, but as of now, it's dead-simple.
3, Interesting? And I feel like I'm feeding a troll here!
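On the "parsing can loop forever" point above, an added example that is not part of the original comment: a worst-case walk of `include:` and `redirect=` terms that stops with a permanent error once a lookup budget is exhausted. The zone data and domain names are constructed, and the budget of 10 DNS-querying terms is the limit from RFC 7208 section 4.6.4, which postdates this thread.

```python
MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4: cap on DNS-querying terms per check
QUERYING = {"include", "a", "mx", "ptr", "exists", "redirect"}

class PermError(Exception):
    """The record cannot be evaluated (the SPF 'permerror' result)."""

# Constructed TXT data standing in for DNS; every name here is hypothetical.
ZONE = {
    "ok.example": "v=spf1 ip4:192.0.2.0/24 include:_spf.ok.example -all",
    "_spf.ok.example": "v=spf1 ip4:198.51.100.0/24 a mx -all",
    "loop-a.example": "v=spf1 include:loop-b.example -all",
    "loop-b.example": "v=spf1 include:loop-a.example -all",
    "self.example": "v=spf1 redirect=self.example",
}

def walk(domain, zone, state):
    """Follow every term as if nothing matched, charging each DNS-querying term."""
    record = zone.get(domain, "")
    if record.split()[:1] != ["v=spf1"]:
        raise PermError(f"no SPF record at {domain}")
    for term in record.split()[1:]:
        # Drop the qualifier, then treat "redirect=x" like "redirect:x".
        body = term.lstrip("+-~?").replace("=", ":", 1)
        name, _, arg = body.partition(":")
        name = name.split("/")[0].lower()  # "a/24" -> "a"
        if name == "all":
            return  # "all" always matches, so later terms are never reached
        if name in QUERYING:
            state["lookups"] += 1
            if state["lookups"] > MAX_LOOKUPS:
                raise PermError(f"more than {MAX_LOOKUPS} lookups at {domain}")
        if name in ("include", "redirect"):
            walk(arg, zone, state)  # recursion is bounded by the shared budget

def check(domain, zone=ZONE):
    """Return ("ok", lookups_used) or ("permerror", reason)."""
    state = {"lookups": 0}
    try:
        walk(domain, zone, state)
    except PermError as exc:
        return ("permerror", str(exc))
    return ("ok", state["lookups"])

if __name__ == "__main__":
    for name in ("ok.example", "loop-a.example", "self.example"):
        print(name, check(name))
```

The counter is shared across the whole recursion, so a two-record cycle and a self-redirect both terminate after the same fixed number of steps.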