Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt> (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard
Douglas Otis <doug.mtview@gmail.com> Thu, 12 September 2013 04:55 UTC
Return-Path: <doug.mtview@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FFB321F9BF0 for <ietf@ietfa.amsl.com>; Wed, 11 Sep 2013 21:55:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vZxY+0-ZBPn1 for <ietf@ietfa.amsl.com>; Wed, 11 Sep 2013 21:55:56 -0700 (PDT)
Received: from mail-pd0-x229.google.com (mail-pd0-x229.google.com [IPv6:2607:f8b0:400e:c02::229]) by ietfa.amsl.com (Postfix) with ESMTP id 6EC4221F9C06 for <ietf@ietf.org>; Wed, 11 Sep 2013 21:55:56 -0700 (PDT)
Received: by mail-pd0-f169.google.com with SMTP id r10so10250758pdi.0 for <ietf@ietf.org>; Wed, 11 Sep 2013 21:55:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:subject:date:message-id:cc:to:mime-version; bh=5WvFwXfMc8IBXa20zwjAbvnQYz3uVB2otnmjHHIN2Mk=; b=t9Zj0wwpHt+F3waDpBKlq8WaqDxB++T17oSGRER403x37xy1Pc+nBXBvrfOg9JflOw X4yM2xYZ4W76J9eEO61ZpRIpCd3c2drLbqs6gz6iiSvoXxJNHk3K42Z1GaoLG0nQnfCJ LQWAIheBPgzn2DAqw9oGXE9uR5rfiTvf1vfJRez+I2ZaowlqYVkwKJv7sF++VzzWiA4/ +pOyqPCPuaXc3/TaWz6JBuh3PTSVb3mgzt/TVZP+/dQPBmGreTYZvAcJZ595mnrDWQCf ZsfSqaYig8ARXQBQuX8iNgc9rAQ9j3vbWuA8zKkvoDJne9o2veKqfi+Q6wuFbSIZ7qtp lXMQ==
X-Received: by 10.66.243.196 with SMTP id xa4mr779713pac.174.1378961754888; Wed, 11 Sep 2013 21:55:54 -0700 (PDT)
Received: from ?IPv6:2601:9:7680:308:9970:312c:70d0:6973? ([2601:9:7680:308:9970:312c:70d0:6973]) by mx.google.com with ESMTPSA id hx1sm1944184pbb.35.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 11 Sep 2013 21:55:53 -0700 (PDT)
From: Douglas Otis <doug.mtview@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_BF4A2C38-FA23-41EA-BD32-8CAF9BD31B43"
Subject: Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt> (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard
Date: Wed, 11 Sep 2013 21:55:50 -0700
Message-Id: <6FC7A544-0AB5-4BC0-A0BF-D0D8D740D3B8@gmail.com>
To: IETF Discussion <ietf@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
X-Mailer: Apple Mail (2.1508)
Cc: SM <sm+ietf@elandsys.com>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Sep 2013 04:55:58 -0000
Recommended text is as follows: 4.6.4. DNS Lookup Limits Was: ,-- SPF implementations MUST limit the total number of mechanisms and modifiers ("terms") that cause any DNS query to 10 during SPF evaluation. Specifically, the "include", "a", "mx", "ptr", and "exists" mechanisms as well as the "redirect" modifier count against this collective limit. The "all", "ip4", and "ip6" mechanisms do not count against this limit. If this number is exceeded during a check, a "permerror" MUST be returned. The "exp" modifier does not count against this limit because the DNS lookup to fetch the explanation string occurs after the SPF record evaluation has been completed. '-- Change to: ,--- SPF does not directly limit the number of DNS lookup transactions. Instead, the number of mechanisms and the modifier term "redirect" MUST be limited to no more than 10 instances within the evaluation process. The mechanisms "ip4", "ip6", and "all" and the "exp" modifier are excluded from being counted in this instance limitation. If this instance limit is exceeded during the evaluation process, a "permerror" MUST be returned. '--- 5. Mechanism Definitions Was: ,-- Several mechanisms rely on information fetched from the DNS. For these DNS queries, except where noted, if the DNS server returns an error (RCODE other than 0 or 3) or the query times out, the mechanism stops and the topmost check_host() returns "temperror". If the server returns "domain does not exist" (RCODE 3), then evaluation of the mechanism continues as if the server returned no error (RCODE 0) and zero answer records. ‘--- Add: ,--- See the recommended limits on "void lookups" defined in Section 4.6.4. DNS Lookup Limits. ‘--- 3.4. Record Size Was: ,--- Note that when computing the sizes for replies to queries of the TXT format, one has to take into account any other TXT records published at the domain name. Similarly, the sizes for replies to all queries related to SPF have to be evaluated to fit in a single 512 octet UDP packet. ‘--- Change to: ,--- Note that when computing the sizes for replies to queries of the TXT format, one has to take into account any other TXT records published at the domain name. Similarly, the sizes for replies to all queries related to SPF have to be evaluated to fit in a single 512 octet DNS Message. ‘--- Add to: 11.5.3. Macro Expansion ,--- It is not within SPF’s purview whether IPv6 or DNSSEC is being used. IPv6 (RFC2460) increased the minimum MTU size to 1280 octets. DNSSEC is deployed with EDNS0 (RFC6891) to avoid TCP fallback. EDNS0 suggests an MTU increase between 1280 and 1410 octets offers a reasonable result starting from a request of 4096 octets. A 1410 MTU offers a 2.4 times payload increase over the assumed MTU of 576 octets and is widely supported by Customer Premise Equipment. With increased MTUs being used with DNS over UDP, network amplification concerns increase accordingly. SPF macros can utilize SPF parameters derived from email messages that can modulate the names being queried in several ways without publishing additional DNS resources. The SPF macro feature permits malefactors a means to covertly orchestrate directed DDoS attacks from an array of compromised systems while expending little of their own resources. Since SPF does not make use of a dedicated resource record type or naming convention, this leaves few solutions available to DNS operations in offering a means to mitigate possible abuse. This type of abuse becomes rather pernicious when used in conjunction with synthetic domains now popular for tracking users without using web cookies. However, email providers can mitigate this type of abuse by ignoring SPF records containing macros. Very few domains make use of macros, and ignoring these records result in neutral handling. Some large providers have admitted they make use of this strategy without experiencing any notable problem. AOL began their support of SPF by saying they would use SPF to construct whitelists prior to receipt of email. Clearly, such whitelisting practices tends to preclude benefits derived from macro use. ‘--- Regards, Douglas Otis
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Måns Nilsson
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… John Levine
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Måns Nilsson
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Scott Kitterman
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… John R Levine
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Andrew Sullivan
- SPF TYPE support Hector Santos
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… John Levine
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… HLS
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Pete Resnick
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Pete Resnick
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Dave Crocker
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Murray S. Kucherawy
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Dave Crocker
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Andrew Sullivan
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Dave Crocker
- Re: SPF TYPE support Pete Resnick
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… David Conrad
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Scott Kitterman
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… John Levine
- Re: SPF TYPE support S Moonesamy
- Re: [spfbis] SPF TYPE support Ted Lemon
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Mark Andrews
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Andrew Sullivan
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Måns Nilsson
- Re: SPF TYPE support Måns Nilsson
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Mark Andrews
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… David Conrad
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Scott Kitterman
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… S Moonesamy
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Randy Bush
- Re: SPF TYPE support Dave Crocker
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Dave Crocker
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… David Conrad
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Patrik Fältström
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Dave Crocker
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Patrik Fältström
- Re: [spfbis] SPF TYPE support Hector Santos
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Hector Santos
- Re: [spfbis] prefixed names, was Last Call: <draf… John Levine
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Andrew Sullivan
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Dotzero
- Re: [spfbis] prefixed names, was Last Call: <draf… Mark Andrews
- Re: [spfbis] prefixed names, was Last Call: <draf… Dave Crocker
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Dave Crocker
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Andrew Sullivan
- Re: [spfbis] SPF TYPE support S Moonesamy
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… S Moonesamy
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Phillip Hallam-Baker
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Dave Crocker
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Andrew Sullivan
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… David Conrad
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Måns Nilsson
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Patrik Fältström
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Eliot Lear
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Scott Kitterman
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Patrik Fältström
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Eliot Lear
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… manning bill
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Scott Kitterman
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Mark Andrews
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Andrew Sullivan
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Andrew Sullivan
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Jelte Jansen
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Alessandro Vesely
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Patrik Fältström
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Ted Lemon
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Scott Kitterman
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Hector Santos
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… S Moonesamy
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Dave Crocker
- Re: [spfbis] there is no transitiion, was Last Ca… John Levine
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Patrik Fältström
- Re: [spfbis] there is no transitiion, was Last Ca… Ted Lemon
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Dave Crocker
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Olafur Gudmundsson
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Patrik Fältström
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Scott Kitterman
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Pete Resnick
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… John Leslie
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Dave Crocker
- Re: Rude responses (Was: Last Call: <draft-ietf-s… Pete Resnick
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Måns Nilsson
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Scott Kitterman
- Re: Rude responses (Was: Last Call: <draft-ietf-s… Dave Crocker
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Mark Andrews
- Re: Rude responses (Was: Last Call: <draft-ietf-s… Barry Leiba
- Re: Rude responses (Was: Last Call: <draft-ietf-s… Stephen Farrell
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Mark Andrews
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Måns Nilsson
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Scott Kitterman
- Re: Rude responses (Was: Last Call: <draft-ietf-s… S Moonesamy
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Scott Kitterman
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Scott Kitterman
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… S Moonesamy
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Mark Andrews
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Hector Santos
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… David Conrad
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… S Moonesamy
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Scott Kitterman
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Måns Nilsson
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Jelte Jansen
- Re: Rude responses (Was: Last Call: <draft-ietf-s… Pete Resnick
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Olafur Gudmundsson
- Re: Rude responses (Was: Last Call: <draft-ietf-s… Scott Brim
- Re: Rude responses (Was: Last Call: <draft-ietf-s… Thomas Narten
- Re: Rude responses (Was: Last Call: <draft-ietf-s… Pete Resnick
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Murray S. Kucherawy
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… John Levine
- Re: Rude responses (Was: Last Call: <draft-ietf-s… Barry Leiba
- RE: Rude responses (Was: Last Call: <draft-ietf-s… l.wood
- The Last Call social contract (was - Re: Rude res… Dave Crocker
- RE: The Last Call social contract (was - Re: Rude… l.wood
- RE: The Last Call social contract (was - Re: Rude… Dave Cridland
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Jelte Jansen
- Visibility of shepherd writeup Carsten Bormann
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… John Levine
- Re: The Last Call social contract (was - Re: Rude… Scott Brim
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… S Moonesamy
- Re: The Last Call social contract (was - Re: Rude… Dave Crocker
- Last Call: <draft-ietf-spfbis-4408bis-19.txt> (Se… Douglas Otis
- Re: The Last Call social contract (was - Re: Rude… Hector Santos
- Re: The Last Call social contract (was - Re: Rude… S Moonesamy
- Re: The Last Call social contract (was - Re: Rude… Phillip Hallam-Baker
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… S Moonesamy
- Re: Rude responses (Was: Last Call: <draft-ietf-s… Abdussalam Baryun
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Jelte Jansen
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… John R Levine
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Jelte Jansen
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… John R Levine
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Jelte Jansen
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Jelte Jansen
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… Douglas Otis
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… Scott Kitterman
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… Douglas Otis
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… Scott Kitterman
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… Douglas Otis
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… Scott Kitterman
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… S Moonesamy
- Overloaded TXT harmful (was" Re: [spfbis] Last Ca… John C Klensin
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… Joe Abley
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… S Moonesamy
- Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bi… Pete Resnick
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… S Moonesamy
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… Patrik Fältström
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… Dave Crocker
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… Scott Kitterman
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… Mark Andrews
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… John C Klensin
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… Dave Crocker
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… John C Klensin
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… Phillip Hallam-Baker
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… Dan Schlitt
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… Phillip Hallam-Baker
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… John Levine
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… David Conrad
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… Phillip Hallam-Baker
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… S Moonesamy
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… S Moonesamy
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… Douglas Otis
- Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt>… Douglas Otis
- Macro Expansion (was: Last Call: <draft-ietf-spfb… S Moonesamy
- Re: Macro Expansion (was: Last Call: <draft-ietf-… Douglas Otis
- Re: Macro Expansion Pete Resnick