spf-discuss

Re: DDoS attacks via SPF

2003-12-18 18:20:50
The %t macro is pretty useless in the exp message -- how many people know what the date 1003787651 is? Originally, I had thought that it was mostly useful to generate domain names that were not cached. However, I now think that the DNS server can always serve up the response records with a TTL of 0 or 1 if that effect is desired.

I'd be in favour of doing away with %t entirely, and maybe replacing it by the date in some standard form (2003-12-18 20:20:00-0500)

philip

Terence Way wrote:

Okay, so let's allow %{t} only in expanding exp TXT RRs, and disallow it
in all mechanisms and modifiers.

'v=spf1 exp=exp.example.com'   <<= %{t} not allowed here or in any mechan

exp.example.com IN TXT "Bummer %{t}" <<= %{t} allowed here.

Then there never will be %{t}-generated entries in any DNS cache.

Cheers!


In <20031218194704(_dot_)GK31242(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:

I guess if the %t macro was restricted to the exp message, I wouldn't
have a problem.  Even then, other timestamps are likely to be more
appropriate.

The %t macro is just far more expensive than people might realize,
with a lot of the expense coming in the form of bloated DNS caches on
third party machines.  If the expense only was felt by the
domain name owner who used the %t macro, that would be one thing, but
it isn't.


--
Philip Gladstone
* Check out the live pondcam at http://pond.gladstonefamily.net
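Terence's rule above (allow %{t} only inside the exp TXT text, never in a mechanism or modifier target) and Meng's cache-bloat point can both be shown mechanically. The following is an added Python example, not code from this thread or from any SPF implementation; the term splitter is a constructed minimal one and only recognises the braced %{t} form, and the timestamp 1003787651 is the one Philip quotes.

```python
import re
import time

# SPF macro syntax: %{x...}; %{t} expands to the current Unix timestamp.
MACRO_RE = re.compile(r"%\{([a-zA-Z])[^}]*\}")


def spf_terms(record):
    """Split a 'v=spf1 ...' record into its terms (minimal, constructed splitter)."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF v1 record")
    return parts[1:]


def check_spf_record(record):
    """Return (term_kind, term) for every mechanism or modifier whose target
    uses %{t}. Under the rule discussed on the list, any finding is a violation:
    %{t} belongs only in the TXT text that exp= points at, not in the record."""
    findings = []
    for term in spf_terms(record):
        if "=" in term:                      # modifier, e.g. exp=..., redirect=...
            kind, value = term.split("=", 1)
        else:                                # mechanism, e.g. include:..., -all
            kind = re.split(r"[:/]", term.lstrip("+-~?"), 1)[0]
            value = term
        for m in MACRO_RE.finditer(value):
            if m.group(1).lower() == "t":
                findings.append((kind, term))
    return findings


def expand_exp_text(text, now=None):
    """Expand %{t} in an exp TXT string, the one place the thread proposes to allow it."""
    now = int(time.time()) if now is None else int(now)
    return re.sub(r"%\{t\}", str(now), text)


def lookup_names(target, timestamps):
    """Distinct DNS names a resolver would query if %{t} were allowed in a target:
    one new name per second, so every query misses the cache and each miss
    leaves a fresh entry behind on the resolver (Meng's cache-bloat concern)."""
    return {re.sub(r"%\{t\}", str(t), target) for t in timestamps}
```
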

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature