[93134] in North American Network Operators' Group
Re: BCP38 thread 93,871,738,435 + SPF
daemon@ATHENA.MIT.EDU (Florian Weimer)
Fri Oct 27 08:28:53 2006
From: Florian Weimer <fw@deneb.enyo.de>
To: Douglas Otis <dotis@mail-abuse.org>
Cc: "Steven M. Bellovin" <smb@cs.columbia.edu>,
Sean Donelan <sean@donelan.com>, nanog@merit.edu
Date: Fri, 27 Oct 2006 14:11:30 +0200
In-Reply-To: <1161895406.25707.100.camel@bash.adsl-64-142-13-68> (Douglas
Otis's message of "Thu, 26 Oct 2006 13:43:26 -0700")
Errors-To: owner-nanog@merit.edu

* Douglas Otis:
> Spam being sent through Bot farms has already set the stage for
> untraceable DNS attacks based upon SPF. In addition to taking out major
> interconnects, these attacks can:
>
> a) inundate authoritative DNS;
>
> b) request A records from anywhere;
>
> c) probe IP address, port, and the transaction IDs of resolvers;

(b) and (c) are not new developments because lots of MTAs already
perform A lookups on HELO arguments, and MX lookups on sender domains.

> While not as bad as eavesdropping, it still places the network and the
> integrity of DNS at risk. All of this while the spam is still being
> delivered. What a productivity tool!

The purpose of SPF, as it is deployed, is to facilitate routing
solicited bulk email around spam filters. Look at email.bn.com/IN/TXT
to get the idea. This application requires some of the indirection
features offered by SPF.
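
Added example (not part of the message above or of any poster's code): a static audit of how many DNS-querying terms one SPF check can reach through the include/redirect indirection discussed in this thread, compared against the limit of 10 in RFC 4408 section 10.1. The domain names and records in ZONE are constructed sample data, and the function names are hypothetical.

```python
# Added example: worst-case count of DNS-querying SPF terms for one check.
# ZONE is constructed sample data standing in for TXT lookups (hypothetical names).
ZONE = {
    "example.com": "v=spf1 mx a:mail.example.com include:_spf.bulk.example ~all",
    "_spf.bulk.example": "v=spf1 ip4:192.0.2.0/24 include:_a.bulk.example "
                         "exists:%{i}.rbl.bulk.example -all",
    "_a.bulk.example": "v=spf1 ip4:198.51.100.0/24 ptr redirect=_b.bulk.example",
    "_b.bulk.example": "v=spf1 ip6:2001:db8::/32 -all",
    "loop.example": "v=spf1 include:loop.example -all",
}
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10  # RFC 4408 section 10.1 processing limit


def parse_term(term):
    """Split one SPF term into (name, target); qualifier and CIDR are dropped from name."""
    term = term.lstrip("+-~?")
    head = term.split(":", 1)[0]
    if "=" in head:                      # modifier, e.g. redirect=domain
        name, target = term.split("=", 1)
    elif ":" in term:                    # mechanism with an argument
        name, target = term.split(":", 1)
    else:
        name, target = term, None
    return name.split("/", 1)[0].lower(), target


def count_lookups(domain, zone, path=()):
    """Upper bound on DNS-querying terms reachable from domain's SPF record."""
    if domain in path:
        raise ValueError("include/redirect loop at " + domain)
    record = zone.get(domain, "")
    if not record.lower().startswith("v=spf1"):
        return 0
    total = 0
    for term in record.split()[1:]:
        name, target = parse_term(term)
        if name in LOOKUP_TERMS:
            total += 1
        if name in ("include", "redirect") and target:
            total += count_lookups(target, zone, path + (domain,))
    return total


def audit(domain, zone):
    """Return (count, within_limit) for the record published at domain."""
    n = count_lookups(domain, zone)
    return n, n <= MAX_LOOKUPS
```

The count is an upper bound: a real evaluation stops at the first matching mechanism, and mx and ptr carry their own per-mechanism limits that this sketch does not model.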