On 2004-06-04 01:29:10 -0400, Topaz M. Bott wrote:
> James Craig Burley wrote:
> >>Glancing at the ORDB.org nameservers I fail to see how the SPF DNS
> >>usage can be so intense as to be a problem or a weak link.
> >>
> >>
> >
> >Do they use IP addresses or domain names as keys?

Irrelevant. SPF doesn't employ a central server, and my DNS cache isn't
large enough for all possible in-addr.arpa. domains.

> domain in the world in the DNS. Besides that I don't know about you but
> I have a check before SPF check that checks to C if the domain exists.
>
> Now you are going to say that checking it C if a domain exist is still
> DNS.

Right. And this check is exactly as expensive as an SPF lookup.

This is where I think James' argumentation falls down. Checking for MX
and A records for the reverse-path domain has been in the standard
configuration of sendmail and other mailers for at least 5 years or so.
James may have turned it off, but I guess most mail-admins haven't and
90+% of all mail servers are performing such checks. So spammers can
already (and could for the last several years) use exactly the DOS
attacks James outlined. AFAIK, they haven't.

        hp

PS: I don't think SPF will make even a dent in spam. It will cut down on
the misrouted bounces, if it ever gets off the ground, which would be
nice, too.

-- 
   _  | Peter J. Holzer    | I think we need two definitions:
|_|_) | Sysadmin WSR       | 1) The problem the *users* want us to solve
| |   | [EMAIL PROTECTED]  | 2) The problem our solution addresses.
__/   | http://www.hjp.at/ |    -- Phillip Hallam-Baker on spam