Re: [spfbis] Proposed spf TXT record change

Alessandro Vesely, Fri, 12 February 2016 10:16 UTC


On Fri 12/Feb/2016 00:42:48 +0100 Scott Kitterman wrote:
> On February 10, 2016 2:32:50 PM EST, "Stuart D. Gathman" wrote:
>> On Tue, 9 Feb 2016, Roy A. Gilmore wrote:
>>> Why should it matter if I'm a decade too late? If I'm right (and I'm
>>> not saying that I am), why shouldn't the behavior be changed?
>> As a pyspf developer, the _spf idea is *not* trivial to implement. The SPF
>> RR is trivial to implement.
>> If you can convince DNS server providers to operate correctly for unknown
>> RR types (or failing that, to recognize SPF RR), and convince lots of
>> people to publish both, then a switch could be reconsidered.  Especially
>> if there is a new backward incompatible SPF version.
> I think a backward incompatible update is exactly the right time to
> reintroduce use of the SPF RR.  I think I can even describe much of what an
> update should contain:
> - Combine a:, ip4:, and ip6: into a single mechanism (in retrospect there
>   was no need to make them separate and combining would simplify things)
> - Drop the PTR mechanism entirely
> - Drop (or possibly radically simplify) macros

Those considerations don't have to be simultaneously valid for both the binary
on-the-wire format and the format used for declarations.  Records could be
compiled from high level directives.

> I personally doubt it would get a lot of deployment, but that kind of
> incompatible update is what the SPF RR type should be used for.

Whenever such an incompatible update will be needed, that is.  Paraphrasing
Roy, why should it matter if it will not arise within a decade?

> In any case, I think the new RR type is a better idea than _spf.

One doesn't preclude another.  Possibly related to _spf, looking up helo
records by administrative domain --à la DMARC-- would greatly simplify deployment.