In <[EMAIL PROTECTED]> Douglas Otis <[EMAIL PROTECTED]> writes:
>
> Check paypal's existing SPF records...
>
> $ dig paypal.com TXT
> ;; Truncated, retrying in TCP mode.
>
> ;; MSG SIZE rcvd: 477
>>>> ---

Weird. I get 413 bytes and no fallback to TCP.

> Disney indicated their inability to fit all of their IP addresses within
> SPF records as well. Clearly SPF represents data structures far too
> large for safely publishing with DNS. SPF scripts do not reduce the
> record size as Andras suggested. In this case, SPF with TCP fallback
> makes paypal.com prone themselves.

huh...

    ([EMAIL PROTECTED]) $ host -t txt disney.com
    disney.com TXT "v=spf1 mx -all"

Looks like they don't have a problem fitting.

You can always publish SPF records along the lines of:

    "v=spf1 exists:%{ir}._whitelist.large-domain.com -all"

This creates a DNSBL-type lookup. As I'm sure you are quite aware,
DNSBLs can scale to very large sizes. This will cost one extra DNS
lookup. If you want to optimize it, you can use the ip4: mechanism to
list your most common sending IP addresses at the beginning.

-wayne
dnsop resources:_____________________________________________________
web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
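
The exists:%{ir} technique from the reply above, as an added example that is not part of the original message: it expands the macro for a connecting IPv4 address and evaluates a record that lists common senders with ip4: first, counting the extra DNS lookups. The zone contents, the ip4: range and the resolver stub are constructed for illustration; only the ip4, exists and -all terms are handled.

```python
import ipaddress
import re

# Constructed sample data: names that have an A record in the hypothetical
# _whitelist zone, one per authorized sender, octets reversed as in a DNSBL.
WHITELIST_ZONE = {
    "10.2.0.192._whitelist.large-domain.com",
    "77.113.0.203._whitelist.large-domain.com",
}
# The record stays this size no matter how many senders the zone holds.
RECORD = "v=spf1 ip4:198.51.100.0/24 exists:%{ir}._whitelist.large-domain.com -all"

MACRO = re.compile(r"%\{([a-z])(\d*)(r?)\}")

def expand(spec, ip):
    """Expand the %{i} macro (optional digit and 'r' transformers) for IPv4."""
    def sub(m):
        letter, keep, rev = m.groups()
        if letter != "i":
            raise ValueError("only the 'i' macro is handled in this example")
        parts = str(ip).split(".")
        if rev:
            parts.reverse()
        if keep:
            parts = parts[-int(keep):]  # right-hand parts, after reversal
        return ".".join(parts)
    return MACRO.sub(sub, spec)

def check_host(record, ip_text, has_a_record):
    """Return (result, dns_lookups) for the ip4/exists/-all subset of SPF."""
    ip = ipaddress.IPv4Address(ip_text)
    lookups = 0
    for term in record.split()[1:]:
        if term.startswith("ip4:"):
            # No DNS query needed: the range is in the record itself.
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return "pass", lookups
        elif term.startswith("exists:"):
            lookups += 1  # one A query for the expanded name
            if has_a_record(expand(term[7:], ip)):
                return "pass", lookups
        elif term == "-all":
            return "fail", lookups
    return "neutral", lookups

def resolver(name):
    """Offline stand-in for an A-record query against the constructed zone."""
    return name in WHITELIST_ZONE
```
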