Proposed change to the RFC text:
An SPF query may trigger subqueries due to includes and redirects. If
more than a total of 20 subqueries are triggered, an SPF client MAY
abort the lookup and return an unknown result.
Regular lookups such as A and MX queries do not count toward this total.
I like this. In this context does "subqueries" mean "exists-mechanism
queries"? What other queries are there (A, MX, PTR, TXT for include:)?
DNS queries are pretty lightweight (like 1 packet), compared to TCP
connections like sendmail (which can be in the hundreds). Limiting to a
total of 20 exists-or-include queries would help limit any outside chance.
By the time sendmail gets to the MAIL FROM stage I would guess 10-20 TCP
packets have already been sent.
The point about the caches is a good one... but the caches are on the
receiver side so the effect would be spread over lots of different caches
if the mail is going everywhere. If you are just attacking one mailer
there are probably other DDoS methods that one could use to greater effect,
but I'm not 100% sure of this.
gregc
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>
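As an added worked example (not part of Greg's message or of the draft text), here is a toy SPF evaluator that models the proposed cap: each include:, redirect= and (an assumption, following the "exists-or-include" reading above) exists: costs one subquery, while ip4: and all cost nothing; once the count passes the limit the check aborts and returns "unknown". DNS is replaced by constructed in-memory tables (TXT_RECORDS, A_RECORDS, the example.com / loop-a.example / loop-b.example names are all made up) so it runs offline; a:, mx: and ptr: are deliberately left out.

```python
"""Toy SPF check with a cap on include/redirect/exists subqueries.

Added example for the spf-discuss thread; not the draft's reference code.
DNS is simulated with constructed in-memory tables so this runs offline.
"""
import ipaddress
from dataclasses import dataclass, field

SUBQUERY_LIMIT = 20          # the cap proposed in the quoted text

# Constructed sample records standing in for TXT lookups (all names made up).
TXT_RECORDS = {
    "example.com": "v=spf1 include:_spf.example.net ip4:192.0.2.0/24 -all",
    "_spf.example.net": "v=spf1 ip4:198.51.100.0/24 exists:relay-ok.example -all",
    "alias.example": "v=spf1 redirect=example.com",
    # Two records that include each other: without a cap this never ends.
    "loop-a.example": "v=spf1 include:loop-b.example -all",
    "loop-b.example": "v=spf1 include:loop-a.example -all",
}
# Constructed stand-in for A lookups made by exists: (names that resolve).
A_RECORDS = {"other.example"}

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


class SubqueryLimitExceeded(Exception):
    """Raised when the include/redirect/exists budget is used up."""


@dataclass
class Budget:
    limit: int
    used: int = 0
    trail: list = field(default_factory=list)   # which terms cost a subquery

    def spend(self, what):
        self.used += 1
        self.trail.append(what)
        if self.used > self.limit:
            raise SubqueryLimitExceeded(f"{self.used} subqueries > limit {self.limit}")


def check_host(ip, domain, budget):
    """Evaluate <domain>'s SPF record for sender IP <ip>, charging <budget>."""
    record = TXT_RECORDS.get(domain)
    if record is None:
        return "none"                       # no SPF record published
    terms = record.split()
    if terms[0] != "v=spf1":
        return "none"
    redirect_target = None
    for term in terms[1:]:
        if "=" in term:                     # modifier, e.g. redirect=domain
            name, _, arg = term.partition("=")
            if name == "redirect":
                redirect_target = arg
            continue                        # other modifiers ignored in this toy
        qualifier = "+"
        if term[0] in RESULT:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return RESULT[qualifier]
        if name == "ip4":                   # no DNS needed: costs nothing
            if ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False):
                return RESULT[qualifier]
        elif name == "include":             # TXT subquery: costs one
            budget.spend("include:" + arg)
            if check_host(ip, arg, budget) == "pass":
                return RESULT[qualifier]
        elif name == "exists":              # A subquery: costs one (assumption)
            budget.spend("exists:" + arg)
            if arg in A_RECORDS:
                return RESULT[qualifier]
        # a:, mx:, ptr: omitted; under the proposal they would not be counted.
    if redirect_target is not None:         # redirect= costs one and replaces the record
        budget.spend("redirect=" + redirect_target)
        return check_host(ip, redirect_target, budget)
    return "neutral"                        # no mechanism matched, no redirect


def evaluate(ip, domain, limit=SUBQUERY_LIMIT):
    """Return (result, subqueries_used); 'unknown' once the cap is exceeded."""
    budget = Budget(limit)
    try:
        return check_host(ip, domain, budget), budget.used
    except SubqueryLimitExceeded:
        return "unknown", budget.used


if __name__ == "__main__":
    for ip, dom in [("198.51.100.7", "example.com"), ("203.0.113.9", "example.com"),
                    ("192.0.2.5", "alias.example"), ("203.0.113.9", "loop-a.example")]:
        print(dom, ip, "->", evaluate(ip, dom))
```

The include loop stops after limit+1 subqueries instead of recursing forever, which is the failure mode the cap is meant to close; a real client would also want a wall-clock or recursion-depth bound, since a single include: can legitimately fan out into many lookups. (For comparison, the later RFC 4408 text settled on a limit of 10 and counted a:, mx: and ptr: toward it.)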
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname