[Greylist-users] Postfix?

[Franck Arnaud]

Bob Apthorpe:

> Contrast this with Microsoft's broken Caller-ID protocol which does

I hate to defend Microsoft but: first, the trick of putting 
the TXT on a special subdomain is a safer way to do TXT 
hijacking, while keeping the advantages of TXT hijacking.
It's a pity SPF did not think about this trick.

> effectively the same thing except a) you need to extract info from the
> message headers, meaning you can't reject mail before the DATA phase,
> and

Why? They suggest checking the header, but as far as I can see 
the info published with the MS scheme is the same as SPF, so 
it can be used for MAIL FROM, as can SPF be used for header 
checking.

> b) the records are XML stuffed in DNS. This is bad for two reasons:
> First, the overhead of XML means the response probably won't fit in a
> UDP packet,

The typical entry is about (50 + 15 * number_of_ip_not_in_mx) 
bytes. Not concise, but it will fit in a DNS UDP packet (500-ish is 
the mandatory minimum acceptable size I think) for normal sites with 
a few outgoing servers.

For domains with many senders, there's a (arguably ugly) trick to 
split that into several subdomain using <indirect>, so it will 
always fit in UDP if needed.

> Second, no doubt Microsoft will keep the XML DTD proprietary to prevent
> open implementations, following their Office XML DTD model.

They're not complete idiots. They need other people to put this 
info on their domains. The standard with the schema is here:

http://www.microsoft.com/mscorp/twc/privacy/spam_callerid.mspx

Overall, it's not particularly nice, but it's OK.