BCP38 thread 93,871,738,435 + SPF

Florian Weimer fw at deneb.enyo.de
Fri Oct 27 12:11:30 UTC 2006

* Douglas Otis:

> Spam being sent through Bot farms has already set the stage for
> untraceable DNS attacks based upon SPF.  In addition to taking out major
> interconnects, these attacks can:
>  a) inundate authoritative DNS;
>  b) request A records from anywhere;
>  c) probe IP address, port, and the transaction IDs of resolvers;

(b) and (c) are not new developments because lots of MTAs already
perform A lookups on HELO arguments, and MX lookups on sender domains.

> While not as bad as eavesdropping, it still places the network and the
> integrity of DNS at risk.  All of this while the spam is still being
> delivered.  What a productivity tool!

The purpose of SPF, as it is deployed, is to facilitate routing
solicited bulk email around spam filters.  Look at email.bn.com/IN/TXT
to get the idea.  This application requires some of the indirection
features offered by SPF.

More information about the NANOG mailing list
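
An added example, not part of the original message or of any SPF implementation: a worst-case count of the SPF terms that cause DNS queries (`include`, `a`, `mx`, `ptr`, `exists`, `redirect`), followed through the indirection discussed above and checked against the limit of 10 set by the SPF specification (RFC 4408, section 10.1). The domains, records and the `ZONE` dictionary standing in for TXT lookups are constructed for illustration.

```python
import re

# Added example: bound the DNS queries one SPF evaluation may trigger.
MAX_DNS_TERMS = 10  # limit from the SPF specification (RFC 4408, sec. 10.1)
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}
TERM = re.compile(r"[+\-~?]?([A-Za-z0-9]+)(?:[:=](.*))?")

# Constructed sample records; a real receiver would fetch TXT records instead.
ZONE = {
    "bulk.example": "v=spf1 include:a.example include:b.example mx -all",
    "a.example": "v=spf1 ip4:192.0.2.0/24 a:mail.a.example ~all",
    "b.example": "v=spf1 exists:%{i}.rbl.b.example redirect=c.example",
    "c.example": "v=spf1 ip4:198.51.100.7 -all",
    "loop.example": "v=spf1 include:loop.example -all",
}


class SPFLimitExceeded(Exception):
    """Raised when a record would need more than MAX_DNS_TERMS lookups."""


def count_dns_terms(domain, fetch=ZONE.get, budget=None):
    """Worst-case number of DNS-querying terms reachable from `domain`.

    Every term is counted as if no earlier mechanism had matched, and
    include/redirect targets are followed with one shared budget, so a
    self-referencing record stops at the limit instead of recursing forever.
    """
    budget = [0] if budget is None else budget
    record = fetch(domain)
    if not record or not record.lower().startswith("v=spf1"):
        return budget[0]
    for term in record.split()[1:]:
        match = TERM.match(term)
        if not match:
            continue
        name, target = match.group(1).lower(), match.group(2)
        if name in LOOKUP_MECHS or name == "redirect":
            budget[0] += 1
            if budget[0] > MAX_DNS_TERMS:
                raise SPFLimitExceeded(f"{domain}: more than {MAX_DNS_TERMS} DNS terms")
            if name in ("include", "redirect") and target:
                count_dns_terms(target, fetch, budget)
    return budget[0]
```

A receiver that treats `SPFLimitExceeded` as a permanent error stops querying at that point, which caps the DNS traffic any single message can cause through SPF.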