franck at nenie.org
Tue Mar 2 08:48:04 PST 2004
> Contrast this with Microsoft's broken Caller-ID protocol which does
I hate to defend Microsoft but: first, the trick of putting
the TXT on a special subdomain is a safer way to do TXT
hijacking, while keeping the advantages of TXT hijacking.
It's a pity SPF did not think about this trick.
> effectively the same thing except a) you need to extract info from the
> message headers, meaning you can't reject mail before the DATA phase,
Why? They suggest checking the header, but as far as I can see
the info published with the MS scheme is the same as SPF, so
it can be used for MAIL FROM, as can SPF be used for header
> b) the records are XML stuffed in DNS. This is bad for two reasons:
> First, the overhead of XML means the response probably won't fit in a
> UDP packet,
The typical entry is about (50 + 15 * number_of_ip_not_in_mx)
bytes. Not concise, but it will fit in a DNS UDP packet (500-ish is
the mandatory minimum acceptable size I think) for normal sites with
a few outgoing servers.
For domains with many senders, there's an (arguably ugly) trick to
split that into several subdomains using <indirect>, so it will
always fit in UDP if needed.
> Second, no doubt Microsoft will keep the XML DTD proprietary to prevent
> open implementations, following their Office XML DTD model.
They're not complete idiots. They need other people to put this
info on their domains. The standard with the schema is here:
Overall, it's not particularly nice, but it's OK.
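Added example (not from the original post): a small Python script that builds the DNS response a resolver would get for a TXT query and checks whether it fits in the classic 512-byte UDP limit of RFC 1035, which is the size concern raised above. The SPF-style TXT value and the long record are constructed sample data; the domain name is an assumption. It also shows that TXT rdata is chunked into character strings of at most 255 bytes, so the total packet size includes the 12-byte header, the question section and per-record overhead, not just the text itself.

```python
import struct

# Classic DNS over UDP limit (RFC 1035) without EDNS0.
CLASSIC_UDP_LIMIT = 512
TYPE_TXT = 16
CLASS_IN = 1


def encode_name(name):
    """Encode a domain name as DNS labels (length-prefixed, NUL-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def encode_txt_rdata(text):
    """TXT rdata is one or more <character-string>s, each at most 255 bytes."""
    data = text.encode("utf-8")
    chunks = [data[i:i + 255] for i in range(0, len(data), 255)] or [b""]
    return b"".join(bytes([len(c)]) + c for c in chunks)


def build_txt_response(qname, txt_values, ttl=3600):
    """Build a minimal DNS response: header, question, one TXT RR per value."""
    # id=0x1234, flags=0x8180 (response, recursion desired+available),
    # qdcount=1, ancount=len(txt_values), nscount=0, arcount=0
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(txt_values), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", TYPE_TXT, CLASS_IN)
    answers = b""
    for value in txt_values:
        rdata = encode_txt_rdata(value)
        # 0xC00C is a compression pointer back to the question name (offset 12).
        answers += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_IN, ttl, len(rdata)) + rdata
    return header + question + answers


def fits_in_classic_udp(message, limit=CLASSIC_UDP_LIMIT):
    """True if the whole response fits without truncation (TC bit) or TCP fallback."""
    return len(message) <= limit


if __name__ == "__main__":
    # Constructed sample records for the assumed domain example.com.
    spf = "v=spf1 mx ip4:192.0.2.10 -all"
    short = build_txt_response("example.com", [spf])
    print(len(short), "bytes, fits:", fits_in_classic_udp(short))
    # A 600-character record (e.g. a verbose XML policy) overflows the limit.
    long_record = "x" * 600
    big = build_txt_response("example.com", [long_record])
    print(len(big), "bytes, fits:", fits_in_classic_udp(big))
```

Run it as-is to see the two sizes; the first record lands at 71 bytes, the 600-byte record at 644 bytes and so would be truncated or force a TCP retry on resolvers without EDNS0.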