How is that decentralized? That's just one zone, copied to many others.
The central zone can be attacked, and so can the duplicates. Any means
that makes available the IP addresses of the duplicate servers also
makes the addresses available to attackers.
SPF is still better in this respect. (So is message signing, of
course.)
-- arlie
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of RKML
Sent: Thursday, October 09, 2003 7:06 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Solving throwaway domains using RHSBLs not
whois
So why not incorporate indirect zone-transferred blacklists of
domains that are not allowed and therefore would not be damageable by
DDoS?
Rudy K.
----- Original Message -----
From: "Arlie Davis" <arlie(_at_)sublinear(_dot_)org>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Thursday, October 09, 2003 6:20 PM
Subject: RE: [spf-discuss] Solving throwaway domains using RHSBLs not
whois
Centralized black-lists, such as what you propose/mention, are
vulnerable to DDoS attacks from the spammers. We've already seen
SEVERAL domains that maintained spam blacklists wiped out by DDoS
attacks. If we move to a centralized black-list server, it will be
continuously attacked by the spammers.
Although I have a lot of doubts about SPF, its distributed nature is
definitely a strength.
-- arlie
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Meng
Weng Wong
Sent: Thursday, October 09, 2003 12:25 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Solving throwaway domains using RHSBLs not
whois
On Thu, Oct 09, 2003 at 09:15:56AM -0400, Mark Jeftovic wrote:
|
| With regard to whois, or using it to score throw-away domain
| detection, I advise against it. That's not what the whois database is
| designed for and they simply were not built with the performance
| considerations that this would require.
|
Suggestions that we use "whois" are on the right track but there are
better technical approaches; specifically, the RHSBL.
from http://www.securitysage.com/guides/postfix_uce_rhsbl.html
An RHSBL, like an RBL, is usually available via DNS, but contains a
list of domain names (as opposed to IP addresses) that can be checked
against the client domain of an email, as well as the domain portion
(after the @) of the sender and recipient addresses.
Here's how they work:
20031009-12:22:17 mengwong(_at_)dumbo:~% dnsip amazingoffersdirect.net.spamdomains.blackholes.easynet.nl
127.0.0.2
20031009-12:22:24 mengwong(_at_)dumbo:~% dnsip yahoo.com.spamdomains.blackholes.easynet.nl
20031009-12:22:33 mengwong(_at_)dumbo:~%
See the bottom of http://www.sdsc.edu/~jeff/spam/cbc.html for a number
of RHSBLs. They will gain in prominence as SPF is adopted.
To date, RHSBLs return either a DECLINE or NEGATIVE opinion. In the
future I predict we will see RHSBLs published by major ISPs that
return KNOWN, UNKNOWN, NEGATIVE, and DECLINE, constituting a weak
reputation scheme. Even finer grain is possible with "started sending
mail N days ago".
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
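The RHSBL lookup shown in the session above, and the availability concern raised in the replies, as an added example that is not code from the thread or from any list operator. It maps a listed answer to NEGATIVE and a missing name to DECLINE, the two opinions named in the thread; the UNAVAILABLE label, the function names and the stand-in resolver with its sample inputs are assumptions made for the example.

```python
import socket

ZONE = "spamdomains.blackholes.easynet.nl"  # zone used in the session above
NO_NAME = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}

def domain_of(value):
    """Domain after the last '@' of an address, or the value itself if bare."""
    domain = value.strip().strip("<>").rpartition("@")[2].rstrip(".").lower()
    if not domain:
        raise ValueError("no domain in %r" % value)
    return domain

def rhsbl_opinion(value, zone=ZONE, resolve=socket.gethostbyname):
    """Look up <domain>.<zone> and map the DNS result to an opinion."""
    qname = "%s.%s" % (domain_of(value), zone)
    try:
        answer = resolve(qname)
    except socket.gaierror as exc:
        # "No such name" means the list has no entry: DECLINE.
        # Any other failure (timeout, server failure) means the list could
        # not be reached, which must not be read as "domain is clean".
        # UNAVAILABLE is a label assumed for this example.
        return "DECLINE" if exc.errno in NO_NAME else "UNAVAILABLE"
    except OSError:
        return "UNAVAILABLE"
    # List codes live in 127.0.0.0/8; any other address is not a listing.
    return "NEGATIVE" if answer.startswith("127.") else "UNAVAILABLE"

def constructed_resolver(qname):
    """Stand-in for DNS so the example runs offline (constructed data)."""
    if qname == "amazingoffersdirect.net." + ZONE:
        return "127.0.0.2"
    if qname.startswith("timeout.example."):
        raise socket.gaierror(socket.EAI_AGAIN, "temporary failure")
    raise socket.gaierror(socket.EAI_NONAME, "name not known")

def demo():
    samples = ["<offers@AmazingOffersDirect.net>", "yahoo.com",
               "user@timeout.example"]
    return {s: rhsbl_opinion(s, resolve=constructed_resolver) for s in samples}

if __name__ == "__main__":
    for sample, opinion in demo().items():
        print(sample, "->", opinion)
```

Keeping "list unreachable" separate from "not listed" lets the mail server decide its own policy when a list is knocked offline, instead of silently treating every domain as unlisted.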