Re: [secdir] draft-ietf-spfbis-4408bis-14

S Moonesamy <> Fri, 26 April 2013 17:25 UTC

Date: Fri, 26 Apr 2013 10:16:35 -0700
To: Phillip Hallam-Baker <>
From: S Moonesamy <>

Hi Phillip,
At 09:58 26-04-2013, Phillip Hallam-Baker wrote:
>I have reviewed this document as part of the security directorate's
>ongoing effort to review all IETF documents being processed by the
>IESG.  These comments were written primarily for the benefit of the
>security area directors.  Document editors and WG chairs should treat
>these comments just like any other last call comments.
>
>The document is clear and describes the SPF mechanism effectively.
>The only quibble that I could find is that repeated mentions are
>made of limiting the number of 'DNS queries' without specifying
>whether these are individual queries or recursive. The count will
>come out rather differently if looking up
>TXT/<> counts as one lookup or
>three. I think it is reasonably clear that this is one but could not
>find an explicit statement to that effect.
>
>On the security side, the document addresses all the mail issues
>that I can remember at this point and rather more besides.
>
>I think we have reached the point of diminishing returns.
>
>The document provides a clear enough warning to people configuring
>SPF records as to the consequences of getting it wrong which is the
>main concern. The filtering services will know their business well
>enough to minimize false positives.
>
>Hopefully the email infrastructure will evolve over time towards
>concentrating on the more policy friendly approaches and it will be
>possible to simplify the mechanism at a future date.

Thanks for the review.  I'll wait for the WGLC comments to be 
addressed before getting back to you about the quibble mentioned above.

S. Moonesamy (as document shepherd)