Re: [spfbis] Fwd: RFC 7208 SPF - 4.6.4. DNS Lookup Limits increase
John Levine <johnl@taugh.com> Sun, 24 April 2022 17:37 UTC
Return-Path: <johnl@iecc.com>
X-Original-To: spfbis@ietfa.amsl.com
Delivered-To: spfbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FE3A3A0028 for <spfbis@ietfa.amsl.com>; Sun, 24 Apr 2022 10:37:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.861
X-Spam-Level:
X-Spam-Status: No, score=-1.861 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=2VssQoDg; dkim=pass (2048-bit key) header.d=taugh.com header.b=ofHvN5jH
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wtHpjb9I3VGD for <spfbis@ietfa.amsl.com>; Sun, 24 Apr 2022 10:37:08 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4E013A1810 for <spfbis@ietf.org>; Sun, 24 Apr 2022 10:37:07 -0700 (PDT)
Received: (qmail 63965 invoked from network); 24 Apr 2022 17:37:05 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=f9da.62658ac1.k2204; bh=/ThfrHxWUCYg+ScgTKxY+L3gevknf16mF4y5RpSjKa8=; b=2VssQoDgSNTtXiluhStsYJiMyg/TVk+Srs+H8Z63rY+L4lOD+GSYhWGCOSPCqnCSoyohDzuZC1ndgdVf0AYiTcl2HCGza6r7ryGgNrzDF1D5Y3ma9HKIB8snu+xT7qWi8aJs/772kJstO+SmrAhkH4LgiXtOVMei4Yw1Ndx+dQLzrT202LzMXxUQEoyZfoR08fm9b1Rf0bdGyrbOE0WkslDktzRkyPL0UoajspPgr1PX5OnQjbPr56yECJldPcS11virHN4mF16RVo78wK/K8dR1Lu3cKCFz59b4S5UC8SdbJOYsfCTt82mxAgeRfZPtQnqe07LacjFcZxSfkYvVwQ==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=f9da.62658ac1.k2204; bh=/ThfrHxWUCYg+ScgTKxY+L3gevknf16mF4y5RpSjKa8=; b=ofHvN5jHCG7u+/sycz7TwD/YFVEdYYhh5e8fa6owmO609I17hht693lJZCu6212RoYv1CR1/BfVy63Q/veWpOQYwjkH7pGR1hNjSleuHtVDw9aXIZma4/0ncNppW8DujolDtNWSsBP4/1meuaLh5w2Fc0znaEcKRp7SqbHGca7dn08pVX7VxA3aKnie9IwQJtaBgZDOdImbvD2vuKx2T7GN1lWRi8K1gaOn7ki0Sq+GS8r9KT+ffYJN8KWBMoKXJC6Hv2SHRSzU73C1hKAiPVQWaBmFRJB/BzxftZqZRRIN/geVG2ir/JJHI/XW5+ArqDTESMnplr+2fyI2l8QkS4w==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.3 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 24 Apr 2022 17:37:04 -0000
Received: by ary.qy (Postfix, from userid 501) id 303293E71A33; Sun, 24 Apr 2022 13:37:03 -0400 (EDT)
Date: Sun, 24 Apr 2022 13:37:03 -0400
Message-Id: <20220424173704.303293E71A33@ary.qy>
From: John Levine <johnl@taugh.com>
To: spfbis@ietf.org
Cc: simon@gnieslaw.com
In-Reply-To: <CABi22cc9kTSti_HjyKO0XtdcGSXzjwUeqWs0bu_zoT9nBDTbnQ@mail.gmail.com>
Organization: Taughannock Networks
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/spfbis/ERihciNeL7S_RYmjRuKfAEH_sDs>
Subject: Re: [spfbis] Fwd: RFC 7208 SPF - 4.6.4. DNS Lookup Limits increase
X-BeenThere: spfbis@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SPFbis discussion list <spfbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spfbis>, <mailto:spfbis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spfbis/>
List-Post: <mailto:spfbis@ietf.org>
List-Help: <mailto:spfbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spfbis>, <mailto:spfbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Apr 2022 17:37:13 -0000
It appears that Simon Gnieslaw <simon@gnieslaw.com> said: >Basically I just have a small issue with "4.6.4. DNS Lookup Limits" >limited to just 10 lookups. I agree that if we were designing SPF now we would probably make the limit larger. But there are currently no plans to update RFC 7408 so it's not likely to change any time soon. If you care about this, it is not hard to fix. The excess lookups are invariably due to nested includes, so if you flatten the records, you're well under the limit. There are lots of packages to do the flattening automatically, e.g.: https://pypi.org/project/sender-policy-flattener/ https://pypi.org/project/cfspflat/ https://github.com/spf-tools/spf-tools R's, John
- [spfbis] Fwd: RFC 7208 SPF - 4.6.4. DNS Lookup Li… Simon Gnieslaw
- Re: [spfbis] Fwd: RFC 7208 SPF - 4.6.4. DNS Looku… John Levine
- Re: [spfbis] Fwd: RFC 7208 SPF - 4.6.4. DNS Looku… John R Levine
- Re: [spfbis] Fwd: RFC 7208 SPF - 4.6.4. DNS Looku… Scott Kitterman
- Re: [spfbis] Fwd: RFC 7208 SPF - 4.6.4. DNS Looku… Simon Gnieslaw
- Re: [spfbis] Fwd: RFC 7208 SPF - 4.6.4. DNS Looku… Simon Gnieslaw
- Re: [spfbis] Fwd: RFC 7208 SPF - 4.6.4. DNS Looku… John R Levine
- Re: [spfbis] Fwd: RFC 7208 SPF - 4.6.4. DNS Looku… Måns Nilsson
- Re: [spfbis] Fwd: RFC 7208 SPF - 4.6.4. DNS Looku… John Levine