Subject: Re: INEXPENSIVE way to get reverse DNS records
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Claus Andersen <clan@wheel.dk>
List: netbsd-users
Date: 11/14/2006 09:58:24

On Mon, 13 Nov 2006, Steven M. Bellovin wrote:

> Last, if your religion believes in SPF records (mine doesn't; it
> classifies SPF records as sinful), create one that lists

Quite a bit off-topic but I cannot help getting intrigued when someone 
who(m?)s opinion I respect classifies something as "sinful". This made me 
look further into why SPF could be considered bad and found that you are 
one of the more often quoted sources against SPF:
news://news.gmane.org./6.0.1.1.2.20040105081256.03788ec0@ux13.sp.cs.cmu.edu

As a recent convert I had enough of a clue to know that TXT records are 
bad, I had accepted it as an unfortunate prelude for the real thing: The 
SPF records. And with RFC 4409 (Submission Agents/MSAs) the roaming 
concerns are more or less covered. I like SPF because it makes it a little 
harder to forge mail.

Re-reading the above objections however made me wonder whether some of the 
more important objections still are valid:
1) Specmanship - have the specs improved during the last two years or
    are people just leaping into implementation?
2) The TXT records are clearly and obviously a very bad idea. Has the
    situation then improved by introducing the SPF records or is it
    still a flawed record with a new name?
3) It seems that there should be some substantial concern over the format
    of the Received-SPF header line. Has this improved in any way?

These important questions raised a couple of years ago do not really 
seem to be addressed anywhere (at my googalability level).

I was aware of:
http://www.openspf.org/objections.html
They handle some of the objections quite nicely but I think that 
"Forwarding and Return-Path." is rather glossed over. And even a little
worried that an objection is more or less discarded as degenerate:
       "It's interesting to note that this is a degenerate version of
       source routing which was deprecated years ago".

They do however link you to Jonathan de Boyne Pollard in an attempt to 
balance their views:
http://homepages.tesco.net/J.deBoynePollard/FGA/smtp-spf-is-harmful.html

Jonathan's main beef however seems to be that people keep trying to extend 
SMTP in ways that weren't originally intended or envisaged and the world 
should instead move on to greener pastures (IM2000). While some of his 
arguments most certainly have merit I do not find his alternative 
pleasing; A replacement for SMTP is not a bad idea per se but IM2000 is 
not the way to go in my mind (I even like X.400 better apart from the 
addressing scheme).

Converts usually defend their new religion most vigorously so in my case 
I might instead be considered on the fence ;-) If SPF should be considered 
as a botched attempt are there any viable alternatives? Is Sender ID the 
way to go?

Kind Regards,
Claus Andersen