Re: [spfbis] Fwd: RFC 7208 SPF - 4.6.4. DNS Lookup Limits increase

John R Levine <johnl@taugh.com> Sun, 24 April 2022 20:11 UTC

Date: Sun, 24 Apr 2022 16:11:36 -0400
Message-ID: <bf5fcdd7-0695-9f95-0a88-3900a54100cc@taugh.com>
From: John R Levine <johnl@taugh.com>
To: Simon Gnieslaw <simon@gnieslaw.com>
Cc: spfbis@ietf.org
In-Reply-To: <CABi22cfx8-=zR4a3dttAcmqKz06FLNRdhay_1fUJdW4UoA4MTQ@mail.gmail.com>
References: <CABi22cc9kTSti_HjyKO0XtdcGSXzjwUeqWs0bu_zoT9nBDTbnQ@mail.gmail.com> <20220424173704.303293E71A33@ary.qy> <CABi22cfx8-=zR4a3dttAcmqKz06FLNRdhay_1fUJdW4UoA4MTQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spfbis/VjsUFjqdk4RoCscNZjeMfITwhXQ>
Subject: Re: [spfbis] Fwd: RFC 7208 SPF - 4.6.4. DNS Lookup Limits increase

On Mon, 25 Apr 2022, Simon Gnieslaw wrote:

> Thanks for the reply John,
>
> I am primarily a sysadmin and therefore my focus is to put in a solution which
> is for the most part just set and forget.

To put this a wee bit cynically, I want *other* people to do work so *I* 
don't have to.

Even if the IETF were to revise RFC 7208, which is not going to happen any 
time soon, it would be a long time before people changed their software. 
If you remember the type 99 SPF record introduced by RFC 4408, after a 
decade approximately nobody had implemented it so we took it out of RFC 
7208.  I don't see why an updated lookup limit would be implemented any 
faster.

In my DNS setup, I have scripts that run periodically to update my DNS to 
get the effect of an extended ANAME and do monthly RRSIG updates.  My SPF 
records are all pretty simple but if they weren't, I'd flatten them.  It 
was a modest amount of work to set up, but now it's all automatic, runs 
about once a day and sends me reports that I can generally ignore.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
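
The flattening mentioned in the message above, together with the RFC 7208 section 4.6.4 count of 10 DNS-querying terms that motivates it, sketched as an added example (not John's scripts and not part of the original message). The zone data is constructed and the function names are illustrative; the sketch follows plain `include:` only and raises on `redirect`, qualified includes, and `a`/`mx`/`ptr`/`exists` inside included records.

```python
LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4
QUERYING = {"include", "a", "mx", "ptr", "exists", "redirect"}  # terms that cost a DNS query

# Constructed sample zone data (documentation names and address ranges, not real DNS).
SAMPLE_TXT = {"example.com": "v=spf1 mx "
              + " ".join(f"include:_spf.p{i}.example" for i in range(4)) + " -all"}
for i in range(4):
    SAMPLE_TXT[f"_spf.p{i}.example"] = f"v=spf1 include:_a.p{i}.example include:_b.p{i}.example ~all"
    SAMPLE_TXT[f"_a.p{i}.example"] = f"v=spf1 ip4:198.51.100.{i * 16}/28 ~all"
    SAMPLE_TXT[f"_b.p{i}.example"] = f"v=spf1 ip6:2001:db8:{i}::/48 ~all"


def term_name(term):
    """'-include:x' -> 'include', 'a/24' -> 'a', 'redirect=x' -> 'redirect'."""
    return term.lstrip("+-~?").replace("=", ":").split(":", 1)[0].split("/", 1)[0].lower()


def expand(domain, txt, path=()):
    """Return (lookups, flat_terms): worst-case query count and include-free terms."""
    if domain in path:
        raise ValueError(f"include loop through {domain}")
    lookups, flat = 0, []
    for term in txt[domain].split()[1:]:          # skip the "v=spf1" version tag
        name, passing = term_name(term), term[0] not in "-~?"
        lookups += name in QUERYING
        if name == "redirect" or (name == "include" and not passing):
            raise ValueError(f"{term!r} in {domain}: not handled by this sketch")
        if name == "include":
            sub_lookups, sub_terms = expand(term.split(":", 1)[1], txt, path + (domain,))
            lookups += sub_lookups
            flat += sub_terms
        elif not path:
            flat.append(term)                     # top-level terms are kept as written
        elif name in ("ip4", "ip6"):
            if passing:                           # only a pass inside an include matches
                flat.append(term.lstrip("+"))
        elif name != "all":
            raise ValueError(f"{term!r} in {domain}: needs live resolution to flatten")
    return lookups, flat


def flatten(domain, txt):
    """Return (lookups_before, lookups_after, flattened_record)."""
    before, flat = expand(domain, txt)
    after = sum(term_name(t) in QUERYING for t in flat)
    return before, after, "v=spf1 " + " ".join(flat)
```

A flattened record goes stale whenever an included provider changes its ranges, so the output has to be regenerated on a schedule and compared with what is published.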