Re: draft-iab-dns-choices-02.txt comments
In <Pine.LNX.4.44.0506101721030.10061-100000@localhost.localdomain> Dean Anderson <dean@av8.com> writes:
> 1.Abuser can still forge addresses at domain
> 2.Abuser can use stolen credential
These are out of scope for this list.
> 3.DNS cache problems (more records per domain, same cache size)
This is a choice that receivers can decide on. If they don't think
the additional DNS cache is worth it, then don't use SPF checks.
> 4.DNS load (more records per domain)
This, indeed, is a problem that I wish didn't exist. Domain owners
that don't want to deal with SPF will still receive DNS queries. The
only thing I can suggest is to publish an SPF record that has a very
long TTL which says "v=spf1 ?all".
For domain owners that do want to publish SPF records, then that is
their choice to have more records.
> 5.Ongoing Maintenance issues
> 6.Migration issues
> 7.IP Renumbering issues
Again, this is up to the domain owners who choose to publish SPF
records. SPF does have quite a few features that make these less of
an issue, at the expense of increased DNS loads. The choice is up
to the domain owner.
> 8.Lost non-spam emails
> 9.Lack of universal compliance.*
> 10.Not a basis for trust/reduced filtering
> 11.Makes forgery blowback problem much worse
> 12.Patent issues
> 13.spam-profiteering / charges for SPF services
> 14.Email Source Routing
> 15.Outbound SMTP Relay Identification
These are out of scope for this list.
The things that are in scope for this list are reasons why I have
twice, without being asked, asked for reviews of the SPF I-D here. If
it was up to the IESG, no review would have been done here.
-wayne
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>