On Tue 30/Apr/2013 01:07:42 +0200 Mark Andrews wrote: > > The really annoying thing is that SPF is techically superior > to TXT is lots of ways. > > 1. It uniquely identifies the roll of the record. > > 2. As SPF records are singletons you don't need to identify > and remove the old record when updating. You can just > remove all SPF record and add the replacement. > > For TXT you need to lookup the existing RRset, extract > the v=spf1 record from it. You then need to create a > UPDATE message to delete just that record as well as add > the new TXT record. You then have to hope that no one > else is performing a simultanious update as you may get > two TXT v=spf1 records in the RRset.
That's true, except that one has TXT records anyway. > The complains about using SPF is that there are broken > firewalls and some servers drop queries for it, some registars > don't support it. Nits, as explained below. The basic fact that killed the SPF type is the ability to use TXT as a replacement. There must be an analogous of Gresham's law: "Bad types drive out good ones." > For firewalls, fix/replace the firewall if you intend to > deploy SPF and it doesn't support it. It is total !@##@# > that firewall are incapable of handling new DNS record > types. New records we exected to occur from the very > beginning and have been coming out regularly ever since the > DNS was invented. Firewall vendors that are incapable of > handling new DNS types are incompetent and do not deserve > repeat business. > > For servers than drop SPF queries they really are at the > noise level. When you identify one you complain to the > owners of it. Yes, that does work. We needed to do that > for AAAA records. > > For registrars, change registrar to one that does. While it's too late for SPF, we can learn this lesson.
