BCP38 thread 93,871,738,435 + SPF
fw at deneb.enyo.de
Fri Oct 27 12:11:30 UTC 2006
* Douglas Otis:
> Spam being sent through Bot farms has already set the stage for
> untraceable DNS attacks based upon SPF. In addition to taking out major
> interconnects, these attacks can:
> a) inundate authoritative DNS;
> b) requests A records from anywhere;
> c) probe IP address, port, and the transaction IDs of resolvers;
(b) and (c) are not new developments because lots of MTAs already
perform A lookups on HELO arguments, and MX lookups on sender domains.
> While not as bad as eavesdropping, it still places the network and the
> integrity of DNS at risk. All of this while the spam is still being
> delivered. What a productivity tool!
The purpose of SPF, as it is deployed, is to facilitate routing
solicited bulk email around spam filters. Look at email.bn.com/IN/TXT
to get the idea. This application requires some of the indirection
features offered by SPF.
More information about the NANOG