On Sun, 14 Feb 2010, Jonas Eckerman wrote:
1: The participation record is optional, so you only use it if you want
"everything else" to be rejected.
This is why I would support mtamark... It permits the sysadmin to
determine the default behaviour for his IP range, rather than defining a
dangerous default in the client.
And I quote:
This subdomain MAY be inserted at any level in the DNS tree for IPv4
IN-ADDR.ARPA reverse zones. For IPv6, to limit the number of DNS
queries, _srv is only queried at the /128 (host), /64 (subnet) and /
32 (site) level. That way it can either provide information for a
specific IP address or for a whole network block. More specific
information takes precedence over information found closer to the top
of the tree.
The beauty of this mechanism is that we can 'sell' large ISP's on it by
saying "you only need to create one 'allow' entry for each legitimate MTA
and one 'deny' entry for each netblock.
And for SA there is no need to give it 'starting' scores, like SPF, the
mechanism is effective as soon as it is used, and ignorable if not...
- C
