spf-discuss

Re: DDoS attacks via SPF

2003-12-18 14:29:08
On Wed, Dec 17, 2003 at 07:47:11PM -0600, wayne wrote:
| 
| I propose that there should be a limit of, say, 4-8 DNS queries in
| toto, for all levels of includes and redirects.  SPF implementations
| MUST NOT query more than this.  I also think there should be a limit
| to the number of bytes that will be parsed, and that limit be
| something like 512-2048.
| 
| We have to be very conservative when we are directing one site to
| accept directions from a third party which can then tell the site to
| go to yet another party.
| 

Proposed change to the RFC text:

  An SPF query may trigger subqueries due to includes and redirects.  If
  more than a total of 20 subqueries are triggered, an SPF client MAY
  abort the lookup and return an unknown result.

  Regular lookups such as A and MX queries do not count toward this total.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
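
The subquery cap from the proposed text above, as an added example that is not part of the original message or of any SPF implementation. The zone data, the function names and the reduced mechanism set (ip4, include, redirect, all) are assumptions made for illustration.

```python
import ipaddress

MAX_SUBQUERIES = 20  # limit taken from the proposed RFC text above

# Constructed sample records (domain -> SPF TXT); stands in for DNS.
ZONE = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 include:partner.example -all",
    "partner.example": "v=spf1 ip4:198.51.100.7 -all",
    "alias.example": "v=spf1 redirect=example.org",
    "loop.example": "v=spf1 include:loop.example -all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

class SubqueryLimit(Exception): pass

def _subquery(domain, ip, budget):
    # One shared counter covers every level of include and redirect.
    budget["used"] += 1
    if budget["used"] > MAX_SUBQUERIES:
        raise SubqueryLimit(domain)
    return _check(domain, ip, budget)

def _check(domain, ip, budget):
    record = ZONE.get(domain, "")
    if not record.startswith("v=spf1"):
        return "unknown"
    redirect = None
    for term in record.split()[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in RESULTS else ("+", term)
        if mech.startswith("redirect="):
            redirect = mech[len("redirect="):]
        elif mech.startswith("include:"):
            # Simplification: an include matches only if the subquery passes.
            if _subquery(mech[len("include:"):], ip, budget) == "pass":
                return RESULTS[qual]
        elif mech.startswith("ip4:"):
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return RESULTS[qual]
        elif mech == "all":
            return RESULTS[qual]
        # a/mx lookups are omitted; per the text they would not be counted.
    return _subquery(redirect, ip, budget) if redirect else "neutral"

def spf_check(domain, ip):
    """Return (result, subqueries_used); 'unknown' if the limit is hit."""
    budget = {"used": 0}
    try:
        return _check(domain, ipaddress.ip_address(ip), budget), budget["used"]
    except SubqueryLimit:
        return "unknown", budget["used"]
```

The self-including `loop.example` record is the case the limit exists for: evaluation stops when the 21st subquery is triggered instead of recursing without bound.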

