
[Asrg] 100:11 (was: DNSBL BCP v.2.0)

2007-02-09 15:44:56
Douglas Otis wrote:

> Why not mention the use of TXT records as a means of
> noting contact information?

IIRC the name of that record is RP or similar, not TXT.

> Why must this be done via a web site?

Because http is quite popular for transporting more
than 400 bytes.  Nothing against gopher or whois, but...

> I posted slides presented to the ISOI II at:
> http://www.sonic.net/~dougotis/isoi/

Comparing the size of the message with the size of the
final queries is bogus.  The attacker has to sustain
those queries from his own name server, and with that
it's a factor near 9 (11 or 12 queries to the attacker,
100 queries to the victim).

The a * b * c * d stuff ignores caches, it's nonsense.

As an attacker with 102,400 bots I wouldn't bother to
figure out who checks SPF and how their DNS caches work,
and bet on ordinary "call back verification".  Or let
the bots flood the victim directly with bogus queries.

And it won't surprise me if some SPF implementations
already have a "NXDOMAIN processing limit" to catch
your convoluted attempts based on malicious MX records.

Terminate policies with "+all" is also bullshit, the
fastest way to get a PASS for any IP is to use only
"v=spf1 +all".  Of course that's a really bad idea
for somebody planning to stay on a white list, but
some spammers might like the cheap PASS.

Frank



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
