nanog mailing list archives

Re: BCP38 thread 93,871,738,435 + SPF


From: Florian Weimer <fw () deneb enyo de>
Date: Fri, 27 Oct 2006 14:11:30 +0200


* Douglas Otis:

> Spam being sent through Bot farms has already set the stage for
> untraceable DNS attacks based upon SPF.  In addition to taking out major
> interconnects, these attacks can:
>
>  a) inundate authoritative DNS;
>
>  b) request A records from anywhere;
>
>  c) probe IP address, port, and the transaction IDs of resolvers;

(b) and (c) are not new developments because lots of MTAs already
perform A lookups on HELO arguments, and MX lookups on sender domains.

> While not as bad as eavesdropping, it still places the network and the
> integrity of DNS at risk.  All of this while the spam is still being
> delivered.  What a productivity tool!

The purpose of SPF, as it is deployed, is to facilitate routing
solicited bulk email around spam filters.  Look at email.bn.com/IN/TXT
to get the idea.  This application requires some of the indirection
features offered by SPF.
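
The thread turns on how many DNS queries one SPF evaluation makes a receiver send. The sketch below is an added example, not part of the original message: it walks a record's `include` and `redirect` chain and counts the DNS-querying terms, stopping at the limit of 10 from RFC 7208 section 4.6.4. The `ZONE` data and all `*.example` names are constructed.

```python
import re

LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4: max DNS-querying terms per check
QUERYING = {"include", "a", "mx", "ptr", "exists", "redirect"}
# optional qualifier, term name, optional ":target" or "=target" (CIDR dropped)
TERM = re.compile(r"[+\-~?]?([a-z0-9]+)(?:[:=]([^/\s]+))?")

# Constructed TXT records standing in for real DNS answers.
ZONE = {
    "sender.example": "v=spf1 mx a:mail.sender.example include:bulk.example -all",
    "bulk.example": "v=spf1 ip4:192.0.2.0/24 include:esp.example ?all",
    "esp.example": "v=spf1 exists:%{i}.rbl.example a mx ~all",
    "loop.example": "v=spf1 include:loop.example -all",
}


class PermError(Exception):
    """Raised when a record would exceed the lookup limit."""


def count_lookups(domain, zone=ZONE, _state=None):
    """Return how many DNS-querying terms evaluating `domain` can trigger."""
    state = _state if _state is not None else {"n": 0}
    record = zone.get(domain, "")
    if not record.startswith("v=spf1"):
        return state["n"]
    for term in record.split()[1:]:
        m = TERM.match(term.lower())
        if not m or m.group(1) not in QUERYING:
            continue  # ip4, ip6, all, exp: no query counted
        state["n"] += 1
        if state["n"] > LOOKUP_LIMIT:
            raise PermError(f"{domain}: more than {LOOKUP_LIMIT} DNS lookups")
        if m.group(1) in ("include", "redirect") and m.group(2):
            count_lookups(m.group(2), zone, state)  # follow the chain
    return state["n"]


if __name__ == "__main__":
    for name in ZONE:
        try:
            print(name, count_lookups(name))
        except PermError as exc:
            print("permerror:", exc)
```

A receiver that enforces this cap bounds the query load a single message can cause, and a self-referencing record such as `loop.example` ends in a permanent error instead of an endless chain.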

