William Herrin bill at
Wed Feb 24 15:48:48 UTC 2010

On Wed, Feb 24, 2010 at 8:21 AM, Rich Kulawiec <rsk at> wrote:
> On Sun, Feb 21, 2010 at 10:59:08PM -0600, James Hess wrote:
>> But if the origin domain has not provided SPF records,  there are some
>> unusual cases left open,  where a bounce to a potentially fake address
>> may still be required.
> Nothing stops an
> attacker from using a throwaway domain to send traffic to known
> backscatterers, who will then backscatter it to $throwawaydomain,
> whose MX's are set to $victim's MX's.

So? You, I and everyone else these days are no longer running open
relays. You don't host $throwawaydomain so the session will end at the
rcpt command. If someone merely wants to DDOS your server there are
far easier ways.

Bill Herrin

>  it's never appropriate to respond
> to abuse with abuse.
> ---Rsk

William D. Herrin ................ herrin at  bill at
3005 Crane Dr. ...................... Web: <>
Falls Church, VA 22042-3004
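
Added example, not part of the original message: a toy SMTP receiver that models the point made in the reply above, that a bounce addressed to $throwawaydomain and steered to the victim's MX is refused at the RCPT command, so no message body is ever accepted. The domain names, addresses, reply texts and the `run_session` helper are constructed for illustration.

```python
# Added illustration: RCPT-stage relay check of a non-relaying MX.
# LOCAL_DOMAINS and all addresses below are constructed sample values.
LOCAL_DOMAINS = {"victim.example"}


def domain_of(path):
    """Return the lowercased domain of an SMTP path like <user@host>."""
    addr = path.strip().strip("<>")
    return addr.rpartition("@")[2].lower()


def run_session(commands, local_domains=LOCAL_DOMAINS):
    """Feed SMTP command lines to a toy receiver; return the reply codes."""
    replies, have_mail, rcpts = [], False, []
    for line in commands:
        verb, _, arg = line.partition(":")
        verb = verb.strip().upper()
        if verb == "MAIL FROM":
            have_mail, rcpts = True, []
            replies.append("250 2.1.0 Sender ok")
        elif verb == "RCPT TO":
            if not have_mail:
                replies.append("503 5.5.1 Need MAIL first")
            elif domain_of(arg) in local_domains:
                rcpts.append(arg.strip())
                replies.append("250 2.1.5 Recipient ok")
            else:
                # Not our domain and we are not an open relay: refuse here.
                replies.append("550 5.7.1 Relaying denied")
        elif verb == "DATA":
            # No accepted recipient means no message body is ever read.
            replies.append("354 Go ahead" if rcpts else "554 5.5.1 No valid recipients")
        else:
            replies.append("500 5.5.2 Command not recognized")
    return replies


# Constructed session: a backscatterer's bounce (null sender) addressed to
# the throwaway domain, arriving at the victim's MX because of the MX record.
BOUNCE = ["MAIL FROM:<>", "RCPT TO:<x@throwaway.example>", "DATA"]
LEGIT = ["MAIL FROM:<a@sender.example>", "RCPT TO:<bob@victim.example>", "DATA"]

if __name__ == "__main__":
    for name, session in (("bounce", BOUNCE), ("legit", LEGIT)):
        print(name, run_session(session))
```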
