spf-discuss

Re: Can SPF identify wildcard domain forgery?

2004-08-26 04:22:02

On Thu, 26 Aug 2004, Roger Moser wrote:

Shelby, again: The spammer cannot find out that there is a subdomain
user._spf.example.com. If your name server allows one to find out the names of
the subdomains, then it is misconfigured and you should immediately fix it.

That is not quite so if you configure DNSSEC, since then you must allow for
transfer of the entire zone (signed, obviously) and this reveals all subdomains.
This has been one of the problems that may be stopping wider use of DNSSEC.

Then again, some may see it as a way to catch abusers by introducing
specific subdomains into the zone that they know do not exist and are
not referenced anywhere, and then watching if somebody actually asked
for that subdomain or, in the case of a possible users list, tried to send
email to one of these users.

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
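
The canary-subdomain idea from the message above, sketched as an added example that is not part of the original post: it scans name-server query log lines for lookups of names that exist in the zone but are referenced nowhere. The canary names, the BIND-style log format and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical canary names: present in the zone, referenced nowhere else.
CANARIES = {"trap1._spf.example.com", "zz-unused.example.com"}

# Assumed BIND-style query log line; adjust the pattern to your server's format.
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+.*?: query: "
    r"(?P<name>\S+) IN (?P<type>\S+)"
)

def normalize(name):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return name.rstrip(".").lower()

def canary_hits(lines, canaries=CANARIES):
    """Return {client_ip: [(canary_name, qtype), ...]} for queries that hit a canary."""
    wanted = {normalize(c) for c in canaries}
    hits = defaultdict(list)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line, or a format this pattern does not cover
        name = normalize(m.group("name"))
        if name in wanted:
            hits[m.group("ip")].append((name, m.group("type")))
    return dict(hits)

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    "26-Aug-2004 04:10:01.123 queries: info: client 192.0.2.10#53123: query: www.example.com IN A +",
    "26-Aug-2004 04:10:05.456 queries: info: client 198.51.100.7#40000: query: TRAP1._spf.Example.COM IN TXT +",
    "26-Aug-2004 04:10:06.001 queries: info: client 198.51.100.7#40001: query: zz-unused.example.com. IN A +",
    "26-Aug-2004 04:10:09.900 queries: info: client 2001:db8::5#1234: query: mail.example.com IN MX +",
]

if __name__ == "__main__":
    for ip, queries in canary_hits(SAMPLE_LOG).items():
        print(ip, queries)
```

The address logged at an authoritative server is usually that of a recursive resolver, so a hit identifies the resolver that asked, not necessarily the host behind it.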