IETF Logo Mail Archive

Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bis-19.txt> (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard

Patrik Fältström <paf@frobbit.se> Wed, 21 August 2013 10:15 UTC

Return-Path: <paf@frobbit.se>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3F3A11E81D4 for <ietf@ietfa.amsl.com>; Wed, 21 Aug 2013 03:15:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.887
X-Spam-Level:
X-Spam-Status: No, score=-1.887 tagged_above=-999 required=5 tests=[AWL=-0.187, BAYES_00=-2.599, J_CHICKENPOX_34=0.6, MIME_8BIT_HEADER=0.3, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n0TdLEUNKq1S for <ietf@ietfa.amsl.com>; Wed, 21 Aug 2013 03:15:22 -0700 (PDT)
Received: from mail.frobbit.se (mail.frobbit.se [IPv6:2a02:80:3ffe::176]) by ietfa.amsl.com (Postfix) with ESMTP id 3799611E81C3 for <ietf@ietf.org>; Wed, 21 Aug 2013 03:15:22 -0700 (PDT)
Received: from [IPv6:2a02:80:3ffc::12] (unknown [IPv6:2a02:80:3ffc::12]) by mail.frobbit.se (Postfix) with ESMTPA id 5F5AA23F76; Wed, 21 Aug 2013 12:15:21 +0200 (CEST)
Content-Type: multipart/signed; boundary="Apple-Mail=_13484E25-8FE3-4E70-94AF-A299313E02CA"; protocol="application/pgp-signature"; micalg="pgp-sha1"
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
Subject: Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bis-19.txt> (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard
From: Patrik Fältström <paf@frobbit.se>
In-Reply-To: <64700EE4-85B3-4179-904A-885770C6BBF4@virtualized.org>
Date: Wed, 21 Aug 2013 12:15:21 +0200
Message-Id: <7F8D4DA5-F80B-432B-8231-5B40ADB61783@frobbit.se>
References: <20130819150521.GB21088@besserwisser.org> <20130819160549.61542.qmail@joyce.lan> <20130819190533.GA30516@besserwisser.org> <4751241.GTNxysAlzm@scott-latitude-e6320> <B443E973-858A-4958-964B-B0F0FBDF5A7A@virtualized.org> <CAMm+LwhcHOeUv0iqZmZ6wX-jOD1r-mRR0x8sbxaKrsU3k4CNBQ@mail.gmail.com> <20130821040003.GL607@mx1.yitter.info> <64700EE4-85B3-4179-904A-885770C6BBF4@virtualized.org>
To: David Conrad <drc@virtualized.org>
X-Mailer: Apple Mail (2.1508)
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Aug 2013 10:15:22 -0000

On 21 aug 2013, at 09:17, David Conrad <drc@virtualized.org> wrote:

> On Aug 20, 2013, at 9:00 PM, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:
>> The WG had a hard time coming up with really good data about what validators look for, ... If someone else with some busy nameservers wants to provide different evidence now, it wouldn't hurt.
> 
> Out of morbid curiosity, I just looked at the logs from my name server (which has both TXT and SPF RRs but which is very, very far from being busy) with a quick perl hack:
:
:
:
> totals: spf: 1389, txt: 19435, 7.146900%
> 
> (the numbers are queries since the name server last restarted/dumped stats)
> 
> Will look for better data than my measly little name server.

I have been looking at the queries to one of the nameservers that Frobbit runs (which is authoritative for quite a number of zones, although not GoDaddy), and a tcpdump for a while today gives the following data:

$ /usr/sbin/tcpdump -nr dns.pcap | grep 'SPF?' | wc -l
reading from file dns.pcap, link-type EN10MB (Ethernet)
tcpdump: pcap_loop: truncated dump file; tried to read 271 captured bytes, only got 95
1105
$ /usr/sbin/tcpdump -nr dns.pcap | grep 'TXT?' | wc -l
reading from file dns.pcap, link-type EN10MB (Ethernet)
tcpdump: pcap_loop: truncated dump file; tried to read 94 captured bytes, only got 18
2819

I.e. 2819 queries for TXT while there was 1105 for SPF resource record.

Now, I have no idea whether all of those queries for TXT was only for the SPF usage of TXT of course, but this gives it was at least 28% of (TXT+SPF)-queries that was for SPF.

Deprecating something that is in use that much just does not make any sense.

   Patrik

v2.23.0 | Report a Bug | By Email