On Mon, Nov 21, 2022 at 2:00 PM Taejoong (tijay) Chung via mailop < mailop@mailop.org> wrote:
> Greetings, > > The Sender Policy Framework (SPF) is an easy way to check whether the > sender is authorized to send emails – however, it may cause some security > holes if it causes too many DNS lookups. > > Together with researchers from Virginia Tech and Max-Planck-Institut für > Informatik, we would like to understand which challenges operators face > when configuring the proper limit of DNS queries for SPF lookups and when > deploying other email security protocols. > > > I'm not quite sure I understand the premise behind the survey, and since I don't manage email for any domain, I can't realistically take part in the survey to learn the premise, so I'll try here. The proper limit of DNS queries for SPF lookups is ten, per RFC 7208, and *should* be baked into any code library used by an operator that is doing SPF validation on inbound mail, so I don't see them facing challenges here. On the other hand, staying under the limit of ten for domains publishing SPF records can be quite a challenge for complex organizations using multiple services to send their email, and while there are known ways to skin that cat, there isn't a universally adopted method for doing so. Is the survey investigating problems faced by operators doing SPF validation or operators publishing SPF records or both? -- *Todd Herr * | Technical Director, Standards and Ecosystem *e:* todd.h...@valimail.com *m:* 703.220.4153 This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
