Re: [Sqlgrey-users] SQLgrey 1.8.0-rc1

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Karl Pinc wrote:
> And what role would [SPF records] play in greylisting?

Where it would be helpful is in identifying diverse ranges of IP addresses
that may represent a valid source for a given e-mail address, in the case
of MTAs that do not re-send messages from the same IP address.

I'm thinking of gmail when I say that.

I agree wholeheartedly, with the notion that synchronous DNS lookups are
likely too expensive to include as part of SQLgrey, or other similar
greylisting implementations.

It would be cleaner to have some kind of out-of-band, asynchronous mechanism
(a cronjob) that would assert that a range of addresses represents, for the
purposes of greylisting, a single source; currently, the out-of-band mechanism
only allows for whitelisting. I think that using SPF records in this fashion
would be preferable, in principle, to arbitrarily whitelisting.

The trouble would be: how do you programmatically deterine which SPF records
to query? Perhaps the asynchronous job could query the database for likely
candidates, and similarly maintain a database of results. Only update records
once a day for existing entries, that kind of thing.

I'm thinking it would be a significant amount of work for a relatively modest
return.

--Kyle