[Mimedefang] SPF record type - was Re: Only MX record is fake

kd6lvw at yahoo.com kd6lvw at yahoo.com
Fri Nov 18 20:50:58 EST 2011


--- On Fri, 11/18/11, Kevin A. McGrail <KMcGrail at PCCC.com> wrote:
> The RR type is ONLY a forward path and the RFC is so
> non-strict that SPF is likely going to be seen in TXT
> records for at least a decade if even really gone.  And
> I know that MANY major players that perform outsourced DNS
> uses TXT.
> 
> As noted in the RFC, even the examples in the RFC still use
> TXT and theoretically should have both RR and TXT but it's a
> SHOULD in rfc-ease which is overrun by the MUST have one
> type which means that client implementations MUST check both
> RR and TXT.

The RFC also states that the use of TXT-RRs was a temporary measure for rapid deployment purposes until its own RR-type could be secured.  The IANA allocated type 99 to the SPF-RR in late 2005 (prior to the release of the RFC).  The RFC itself was issued in April 2006, and today is a little more than 5.5 years later.  Temporary does not mean 5+ years.  Within the RFC itself, it meant "long enough" for there to be widespread support of the new allocation.  BIND added support in the fall of 2006.

There are still some (e.g. Verizon, an ISP) who query ONLY for TXT-RRs.  Per RFC 4408 itself, modern deployments should be querying for SPF-RRs first (and only seek TXT-RRs if no SPF-RR is found).  Clearly, the use of any "transitional mechanism" (i.e. TXT-RRs) has expired by now.

The fact that the RFC has examples using the TXT-RR-type is not controlling, nor does it contradict the temporary nature of such usage.  By calling the usage of TXT-RR's "not optimal" (cf. Section 3.1.1), the temporary nature is revealed....

RFC 4408, section 7 has been superseded by RFC 5451 even though the IETF doesn't explicitly show such a linkage (i.e. "updated by").



More information about the MIMEDefang mailing list