On 2004-06-04 01:29:10 -0400, Topaz M. Bott wrote:
> James Craig Burley wrote:
> >>Glancing at the ORDB.org nameservers I fail to see how the SPF DNS 
> >>usage can be so intense as to be a problem or a weak link.
> >>   
> >>
> >
> >Do they use IP addresses or domain names as keys?

Irrelevant. SPF doesn't employ a central server, and my DNS cache isn't
large enough for all possible in-addr.arpa. domains.


> domain in the world in the DNS.  Besides that I don't know about you but 
> I have a check before SPF check that checks to C if the domain exists. 
> 
> Now you are going to say that checking it C if a domain exist is still 
> DNS.

Right. And this check is exactly as expensive as an SPF lookup. 

This is where I think James' argumentation falls down. Checking for MX
and A records for the reverse-path domain has been in the standard
configuration of sendmail and other mailers for at least 5 years or so.
James may have turned it off, but I guess most mail-admins haven't and
90+% of all mail servers are performing such checks. So spammers can
already (and could for the last several years) use exactly the DOS
attacks James outlined. AFAIK, they haven't.

        hp

PS: I don't think SPF will make even a dent in spam. It will cut down on
the misrouted bounces, if it ever gets off the ground, which would be nice,
too.

-- 
   _  | Peter J. Holzer    | I think we need two definitions:
|_|_) | Sysadmin WSR       | 1) The problem the *users* want us to solve
| |   | [EMAIL PROTECTED]         | 2) The problem our solution addresses.
__/   | http://www.hjp.at/ |    -- Phillip Hallam-Baker on spam
