On 23 November 2022 14:32:51 UTC, "Taejoong (tijay) Chung via
mailop" <mailop@mailop.org> wrote:


>Yes. As Tobias explained, we can observe certain phenomena (e.g., some mail
>servers look up SPF records more than 100 times) from data, but we don't
>know *why* it happens; we have interviewed around 5~10 mail operators
>individually, which were great but hard to scale, thus we thought that
>survey would be useful. 

Nobody maintaining their own mail service will have trouble with the
limit of 10. My SPF record, for example, requires only 1 DNS lookup
(the record itself), as it contains only IP addresses.

If someone has a problem with that limit (10), he must take into account
that raising this limit will increase the resources used on the receiving
side, and I have a feeling that they do not care, as the count of DNS
lookups is not something that bothers the sending side... Consider that
10 DNS lookups on 1 000 messages can be 10 000 DNS lookups. And what about
those who are receiving millions of messages or more?

Sure, plain DNS lookups are cheap, especially with a local cache -- until
someone "smart" sets a 60s TTL for these records. And I am afraid that
exactly those who have a problem with the current limit will be "smart".
And with DNSSEC the DNS lookups are not cheap anymore, or more precisely,
the validation is not cheap.

Anyway, using SPF in a shared environment is something that negates
the purpose of SPF entirely, as anyone from that shared provider can
successfully pass SPF for any other domain in it (sharing the same TXT
records). Thus in these shared services SPF is mostly cosmetic or part of
PR/marketing only. The whole result then depends only on whether the
particular provider checks spoofing from its own customers, which is
a) not published and b) moves trust to somewhere else.

regards


-- 
Slavko
https://www.slavino.sk/
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
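
Added example, not part of the original message: a small Python counter for the 10-lookup limit discussed above, counting terms as RFC 7208 section 4.6.4 does (include, a, mx, ptr, exists, redirect; the fetch of the record itself is not counted). The ZONE table and every domain name in it are constructed placeholders standing in for live TXT lookups, and macros are not expanded.

```python
# Added example: count the DNS-querying terms of an SPF record (RFC 7208, 4.6.4).
# ZONE is constructed sample data replacing real TXT lookups; domains are placeholders.
ZONE = {
    "selfhosted.example": "v=spf1 ip4:192.0.2.10 ip6:2001:db8::10 -all",
    "shared.example": "v=spf1 include:_spf.provider.example ~all",
    "_spf.provider.example":
        "v=spf1 include:_a.provider.example include:_b.provider.example -all",
    "_a.provider.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "_b.provider.example": "v=spf1 a mx ip4:203.0.113.0/24 -all",
    "sprawl.example": "v=spf1 "
        + " ".join(f"include:_s{i}.sprawl.example" for i in range(11)) + " -all",
    **{f"_s{i}.sprawl.example": f"v=spf1 ip4:192.0.2.{i} -all" for i in range(11)},
}
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")
LIMIT = 10


class PermError(Exception):
    """Raised where a receiver would return permerror."""


def count_lookups(domain, zone=ZONE, _path=frozenset()):
    """Return how many limit-counted terms evaluating `domain`'s record triggers."""
    if domain in _path:
        raise PermError(f"include loop at {domain}")
    record = zone.get(domain)
    if record is None or not record.startswith("v=spf1"):
        raise PermError(f"no SPF record for {domain}")
    total = 0
    for term in record.split()[1:]:
        term = term.lstrip("+-~?")              # drop the qualifier
        name, sep, arg = term.partition(":")    # mechanism:domain-spec
        if not sep:
            name, sep, arg = term.partition("=")  # modifier=domain-spec
        name = name.split("/")[0].lower()       # "a/24" -> "a"
        if name not in LOOKUP_TERMS:
            continue                            # ip4, ip6, all, exp: not counted
        total += 1
        if name in ("include", "redirect"):     # nested records count too
            total += count_lookups(arg, zone, _path | {domain})
        if total > LIMIT:
            raise PermError(f"{domain}: more than {LIMIT} DNS-querying terms")
    return total
```

With the sample data, the IP-only record counts 0 terms against the limit, the nested provider includes count 5, and the record with 11 includes raises PermError.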