171 of those records seem to be creating a DMP style reverse-IP
lookup zone. I think this might have a place since it is the most
convienient for a couple of use cases:
That would be altavista.com... I wrote some more about it in
my previous
message if you are interested. Basically the null.spf.
doesn't exist, but
we log all queries made to it so we have a record of attempts.
That feature would be exceptionaly useful in the context of anti-phishing.
One of the biggest problems we face is tracking down zombies. Knowing
that an address has been used for zombie attack against bank X is useful
when you are trying to investigate a similar attack against bank Y.
Phill