Phil White wrote:
On Thursday 16 October 2003 23:50, Meng Weng Wong wrote:
But who does it hurt most? The people who caused the problem.
They should be motivated to fix it.
Thats a tiny bit harsh.
AFAIK, there is no suggestion that the behaviour is 'broken' - just
insecure. There is certainly nothing to suggest that it is wrong,
simply inadvisable.
And, if ever the net moves to DNSSEC extensions (and I hope it does
ASAP),
then you cannot prevent AXFR under the current proposals.
I think it is harsh also, but I don't think that is a reason to make an
exception. If a DNS admin allows global AXFR of his zones (insecure),
then the email addresses within those zones which are published may be
used to send spam. To use your own comment from another post (mailing
lists send as itself), SPF will simply be enforcing best practice.
---
Dustin D. Trammell
Vulnerability Remediation Alchemist
Citadel Security Software, Inc.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)½§Åv¼ð¦¾Øß´ë�ù1I�í-»F�qx(_dot_)com