ietf-mxcomp

Re: Will SPF/Unified SPF/SenderID bring down the 'net?

2004-06-28 16:32:26

On 6/28/04 1:36 PM, Hallam-Baker, Phillip sent forth electrons to convey:

> If it turns out that SPF adoption leads to significant network harm, then it would be possible to tweak it or replace it with something more effective, with narrower scope, in particular CSV. This is a valuable discussion.
>
> Caller-Id required a single packet in each direction for the vas[t]
> majority of mail interactions.
<snip>

Please watch your tone.
That's incorrect. Please read the earlier post to this thread at
http://www.imc.org/ietf-mxcomp/mail-archive/msg02198.html
as it argues that this is not the case.
I don't see you addressing the concerns Doug raised.
Perhaps you were arguing that all mail servers should rely on local caching DNS servers that will cache all the world's active LMAP records. If that's the case, then *perhaps* that does present a strong DDoS defense. Please confirm/flesh out. Does it work in the face of malicious macro SPF records?

BTW, I wonder if it would make sense to specify that caching DNS servers MAY cache LMAP records for x hours, even if they have a short TTL. This would reduce DDoS exposure. At what cost, and what's a good x? Without this, it's appropriate to assume that the attackers will publish LMAP records with TTLs ~= 0.

MARID provides additional motivation for DDoS against the DNS.
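A toy model of the TTL-floor idea raised in the post above: a caching resolver that keeps SPF/LMAP TXT answers for at least x seconds regardless of the published TTL, so a record published with TTL ~0 cannot force one authoritative query per incoming message. This is an added example, not code from the thread or from any real resolver; the `min_ttl` knob, the zone names and the traffic pattern are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple

@dataclass
class CachingResolver:
    """Minimal caching resolver. min_ttl is a hypothetical floor applied to
    TXT (SPF/LMAP) answers: a record with a shorter TTL is still cached for
    min_ttl seconds, so repeated lookups stop reaching the authority."""
    min_ttl: int = 0
    upstream_queries: int = 0
    cache: Dict[str, Tuple[int, str]] = field(default_factory=dict)  # name -> (expiry, rdata)

    def lookup(self, name: str, now: int, fetch: Callable[[str], Tuple[int, str]]) -> str:
        entry = self.cache.get(name)
        if entry is not None and entry[0] > now:   # still fresh: served from cache
            return entry[1]
        ttl, rdata = fetch(name)                    # go to the authoritative server
        self.upstream_queries += 1
        # The floor is the mitigation: max(ttl, min_ttl) defeats TTL ~= 0 records.
        self.cache[name] = (now + max(ttl, self.min_ttl), rdata)
        return rdata

def authoritative(name: str) -> Tuple[int, str]:
    """Constructed zone data: one domain publishes TTL 0 (the pattern the post
    expects from attackers), one publishes a normal one-hour TTL."""
    zone = {
        "short-ttl.example": (0, "v=spf1 -all"),
        "honest.example": (3600, "v=spf1 mx -all"),
    }
    return zone[name]

def simulate(min_ttl: int, names, interval: int, count: int) -> int:
    """Deliver `count` messages, one per `interval` seconds, each needing an
    SPF lookup for every name in `names`; return authoritative query count."""
    resolver = CachingResolver(min_ttl=min_ttl)
    for i in range(count):
        for name in names:
            resolver.lookup(name, now=i * interval, fetch=authoritative)
    return resolver.upstream_queries

if __name__ == "__main__":
    for floor in (0, 3600):
        print(f"min_ttl={floor:5d}: short-ttl.example -> "
              f"{simulate(floor, ['short-ttl.example'], 1, 1000)} upstream queries, "
              f"honest.example -> {simulate(floor, ['honest.example'], 1, 1000)}")
```

The cost side of the trade-off is visible in the same model: with the floor in place, a legitimate publisher's changed record is not seen by this resolver for up to `min_ttl` seconds after the previous answer was cached.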