Re: [dnsext] SPF, a cautionary tale

Doug Barton <dougb@dougbarton.us> Mon, 06 May 2013 08:38 UTC

On 05/06/2013 01:31 AM, Murray S. Kucherawy wrote:
> On Sun, May 5, 2013 at 6:12 PM, Mark Andrews <marka@isc.org> wrote:
>
>     And RFC6686 is biased as it uses the Alexa top X which is known to
>     use more load balancers which are often not RFC 103[45] compliant
>     name servers.  They don't do negative answers properly.  Fixing one
>     set of nameservers in the Alexa top X can drastically change the
>     numbers as many domains in the Alexa top X are served by identical sets
>     of name servers.
>
>
> 1) I think you're supporting RFC6686's conclusions there.

6686 asked the wrong questions, and then used the data to come to the 
wrong conclusions. It's totally irrelevant to the question, "How should 
SPF be done properly going forward?"

Doug