On Thu, 9 Nov 2006, Douglas Otis wrote:
to select an array of MX RR sets. The script defines the record set, but in
converse a record does not define the set comprising the script. Processing
the script includes initial parameters not found in any SPF record as well.
I've examined this issue over last few days. This all has nothing to
do with SPF but with DNS in general in which Doug's SPF use is just
an example of range of similar attacks. The underlying problem is
really that if spammers have large collection of zombies under their
control they can either use them either directly to launch an attack
(and spam is form of DoS too!) or indirectly to get others to to do
something simiar with some additinal level or amplification (about
1-20 depending on complexity of DNS scheme). They don't really need
SPF for that at all. I need to work more on the numbers and examples
and also unlke Doug I've an issue with just publicly saying how to do
all that - this would be just way too useful for bad guys.
It seems best not to confuse the term script with that of record. They are
truly different elements.
cert-test.mail-abuse.org. IN TXT "v=spf1
mx:0.%{l}.%{d} mx:1.%{l}.%{d} mx:2.%{l}.%{d}
mx:3.%{l}.%{d} mx:4.%{l}.%{d} mx:5.%{l}.%{d}
mx:6.%{l}.%{d} mx:7.%{l}.%{d} mx:8.%{l}.%{d}
mx:9.%{l}.%{d} ?all"
Could someone kindly point me to workable CSV library so that I could
provide Doug with an example of using CSV to generate highier amount
of amplificatin then his assertions about SPF?
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net