On 17-05-17 04:16 PM, John Levine wrote:
In article <caba8r6vb+ng6e1ebdara4q-8mpi15rzvwuxyqkx2cd1os3a...@mail.gmail.com> 
you write:
_spf.google.com is 4 lookups in total).

Do you know why?  It'd be easy enough to glom them together into one record.

It'd be more than 512 bytes but it is my impression that the number of DNS
clients that support neither EDNS nor TCP queries is pretty small now.

R's,
John


_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
4 UDP lookups are faster than a fallback to TCP and retry, isn't it?

And sorry John, but in this business we STILL run into people who forget, and only allow UDP traffic on port 53 through their firewalls..

IMHO, I would rather see recursive lookups, and for many it is easier to maintain that way..

But, given the reported 'docusign' breach, a real example is nice..

host -t TXT docusign.com
docusign.com descriptive text "v=spf1 ip4:65.221.8.13 ip4:65.221.8.29 ip4:65.221.12.128 ip4:65.221.12.148 ip4:192.237.158.85 ip4:23.253.182.234 include:_spfA.docusign.com include:_spfB.docusign.com include:_spfC.docusign.com include:sharepointonline.com -all"

It doesn't look bad, successive lookups to 3 parts.. and they all look good. Don't like this part of course.. include:sharepointonline.com

ip4:52.104.0.0/14

which chains down to of course..
ip4:40.108.128.0/17 ip4:104.146.128.0/17 ip4:104.146.0.0/19

and more..

And I see that more and more as a trend: a company uses a 3rd-party newsletter company which has all of Amazon AWS or Digital Ocean or Azure IP space.. in the SPF record chain.. Not too hard for someone else to get some of that IP space and start spoofing..

Most people don't understand what the innocuous include means.. just that someone (3rd party) told them they had to add it to their SPF chain.. and someone in management said 'just do it', without realizing that it completely invalidated the protection afforded by SPF..
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
------------------------------------------------------------------------
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
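An added example, not from the thread or any of the posters: a small Python auditor that walks an SPF include chain the way a validating receiver would, counting the mechanisms that cost a DNS lookup against the 10-lookup limit of RFC 7208 and flagging oversized ip4 networks like the /14 above. It runs against a constructed in-memory zone shaped like the docusign.com chain quoted earlier; the domain names and records are assumptions, not live DNS data.

```python
import ipaddress

# Constructed sample zone (assumed names, not live DNS), shaped like the
# docusign.com chain quoted in the thread: a third-party include pulls in a /14.
ZONE = {
    "example.com": "v=spf1 ip4:65.221.8.13 include:_spfA.example.com "
                   "include:_spfB.example.com include:sharepointonline.example -all",
    "_spfA.example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "_spfB.example.com": "v=spf1 ip4:198.51.100.0/24 include:_spfC.example.com -all",
    "_spfC.example.com": "v=spf1 a mx -all",
    "sharepointonline.example": "v=spf1 ip4:52.104.0.0/14 include:spf.protection.example ~all",
    "spf.protection.example": "v=spf1 ip4:40.108.128.0/17 ip4:104.146.128.0/17 ip4:104.146.0.0/19 -all",
}

MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4: more than 10 lookup-mechanisms is permerror


def audit_spf(domain, zone=ZONE, max_prefix=16):
    """Walk the include chain from `domain`, counting DNS-lookup mechanisms,
    summing the IPv4 space the chain authorizes and flagging networks wider
    than /max_prefix. Returns a dict with lookups, over_limit, hosts, broad."""
    lookups, networks, broad, seen = 0, [], [], set()

    def walk(name):
        nonlocal lookups
        if name in seen or name not in zone:   # loop guard / missing record
            return
        seen.add(name)
        for term in zone[name].split()[1:]:    # skip the "v=spf1" version tag
            mech = term.lstrip("+-~?")         # drop the qualifier prefix
            if mech.startswith("ip4:"):
                net = ipaddress.ip_network(mech[4:], strict=False)
                networks.append(net)
                if net.prefixlen < max_prefix:
                    broad.append((name, str(net)))
            elif mech.startswith("include:") or mech.startswith("redirect="):
                lookups += 1                   # include/redirect cost one lookup each
                walk(mech.split(":", 1)[1] if ":" in mech else mech.split("=", 1)[1])
            elif mech.split(":")[0].split("/")[0] in ("a", "mx", "ptr", "exists"):
                lookups += 1                   # these also count even without a chained record

    walk(domain)
    return {"lookups": lookups, "over_limit": lookups > MAX_LOOKUPS,
            "hosts": sum(n.num_addresses for n in networks), "broad": broad}


if __name__ == "__main__":
    print(audit_spf("example.com"))
```

Pointing the same walker at a live resolver (e.g. a TXT query per include) turns it into a quick check of whether a vendor's include has quietly handed your domain's SPF to a whole cloud provider's address range.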
