Henrik Schack skrev den 22-12-2012 10:06:
Hmm the A record approach is also a bit of a puzzle, you have to make
sure the DNS replies fit into UDP packets i guess
and with dnssec it would be worse :=)
conserns is more if we would like to keep from tcp, same apply for
gratisdns not provide space for 2048 bit keys to dkim txt records, it
does not make sense to use 4096 bit keys if dnssec is disabled on that
domain
udp supports upto 4096 imho, in dns terms atleast, spf supports upto 10
dns names in any spf referrings, i think only way to limit spf problems
is to use subdomains, so there is more spf records, but on testing there
is less then 10
hotmail started with just one million spf records to show how big there
problem was :)
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
