> From: John Hardin [mailto:jhar...@impsec.org] > > Agreed. I was speculating that multiple variants of SPF_PERMISSIVE > might be justified, e.g. SPF_PERMISSIVE_ALL, SPF_PERMISSIVE_1, > SPF_PERMISSIVE_8, etc. However, it is only speculation; I have no > data to support that level of complexity being useful.
Why not use Net::CIDR::Lite for this? Our hypothetic plugin could merge together CIDRs via Net::CIDR::Lite->add() and get the resultant merged, non-overlapping CIDRs via ->list(), then count the size of the allowed addresses (via something like 2^(32 - cidr_prefix)) and fire rules like the ones you suggest. Giampaolo