On Thursday 16 October 2003 23:50, Meng Weng Wong wrote:
On Thu, Oct 16, 2003 at 11:10:02PM +0100, Phil White wrote:
| Big problem
|
| Many DNS admins forget to disable general AXFR for their zonefile.
| Result: You have just published a list of addresses spammers can use to
| circumvent SPF.
You're right. It is a big problem.
But who does it hurt most? The people who caused the problem.
They should be motivated to fix it.
Thats a tiny bit harsh.
AFAIK, there is no suggestion that the behaviour is 'broken' - just insecure.
There is certainly nothing to suggest that it is wrong, simply inadvisable.
And, if ever the net moves to DNSSEC extensions (and I hope it does ASAP),
then you cannot prevent AXFR under the current proposals.
Regards,
Phil.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡