On Wed 07/Jul/2021 07:33:57 +0200 Roland Turner via dmarc-discuss wrote:
On 7/7/21 2:57 am, John Levine via dmarc-discuss wrote:
It appears that Alessandro Vesely via dmarc-discuss <ves...@tana.it> said:
I'd suggest that a resolution to this might be to expand the finite limit (I've
also had trouble with the 10 lookup limit, even for a small organisation),
Why do organizations need more than 10 lookups? Do they have a choice of
several smart hosts? (And the latter need, to avail of reputed smart hosts,
keeps looking to me like a DMARC failure.)
Because they contract out their mail to several providers and include all those
providers' SPF records. I agree that many of those providers use too many
records
(e.g., _spf.google.com is four records that easily could have been one) but you
can't legislate being smart.
Yes, precisely that.
If I outsourced my mail to google (to stick to the example) what other
providers' SPF record do I have to include? Oh yes, John said "to several
providers". Why does one need more than one provider, then?
I understand that people have multiple email addresses each. However, a single
address should correspond to a single provider, no? Do their MX also point to
multiple providers?
How many are the domains in this state?
An "SPF compiler" could gather a ton of addresses and dynamically assign
them to the.only.a.mechanism.U.need.example.com.
It could, but it'd be a lot easier to find the constant "10" in your SPF library
and change it to something like 50. While you're at it, get rid of the empty
result limit which screws up IPv6 checks.
+1
+½, for the empty result limit.
Dmarcian has a good SPF compiler already. It is somewhat unpractical, as you'd
need to copy its result to your zone file, and repeat that operation as often
as needed. It doesn't sound awful to call it from a cron job.
It is easier to adapt existing software to your special needs than change the
rest of the world.
Best
Ale
--
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
