spf-discuss

Re: Can SPF identify wildcard domain forgery?

2004-08-26 13:37:32

At 10:11 PM 8/26/2004 +0200, Roger wrote:
> Shelby wrote:
>
>> If yes, then a spammer can do the same thing.  It is not the same as
>> handing the spammer a list, but it is another way to query for existent
>> addresses, which has the following drawbacks:
>
> Of course if you have "exists:%{l}.spf.example.com" in your SPF record, then
> (1) you must prevent everyone from reading the names of the subdomains from
> your name server (that means you must disable zone transfers) and
> (2) you must be prepared for a dictionary attack.
>
> Otherwise don't use "exists:%{l}.spf.example.com".

Thanks Roger.  I am "satisfied" now given the above caveats.

-Shelby
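
An added example, not part of the original thread: one way a domain owner publishing "exists:%{l}.spf.example.com" could watch for the dictionary attack mentioned in caveat (2), by counting distinct nonexistent labels each client queries under the SPF zone. The log format, the sample lines, the threshold and the function names are assumptions constructed for illustration.

```python
from collections import defaultdict

ZONE = "spf.example.com"  # zone named in the exists: mechanism above

def expand_exists(sender, spec="%{l}." + ZONE):
    """Expand only the %{l} macro (the sender's local-part) in a domain-spec."""
    local = sender.rsplit("@", 1)[0]
    return spec.replace("%{l}", local).lower()

# Constructed query log: "<timestamp> <client> <qname> <rcode>"
SAMPLE_LOG = """\
2004-08-26T20:00:01Z 192.0.2.10 alice.spf.example.com NOERROR
2004-08-26T20:00:02Z 198.51.100.7 aaron.spf.example.com NXDOMAIN
2004-08-26T20:00:02Z 198.51.100.7 abby.spf.example.com NXDOMAIN
2004-08-26T20:00:03Z 198.51.100.7 adam.spf.example.com NXDOMAIN
2004-08-26T20:00:03Z 198.51.100.7 alice.spf.example.com NOERROR
2004-08-26T20:00:09Z 192.0.2.10 bob.spf.example.com NXDOMAIN
2004-08-26T20:00:10Z 192.0.2.10 www.example.com NOERROR
"""

def flag_enumeration(log_text, zone=ZONE, threshold=3):
    """Return {client: [labels]} for clients that probed at least
    `threshold` distinct nonexistent local-parts under `zone`."""
    misses = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _ts, client, qname, rcode = parts
        qname = qname.lower().rstrip(".")
        if rcode == "NXDOMAIN" and qname.endswith("." + zone):
            # Strip ".<zone>" to recover the guessed local-part
            misses[client].add(qname[: -len(zone) - 1])
    return {c: sorted(labels) for c, labels in misses.items()
            if len(labels) >= threshold}

if __name__ == "__main__":
    print(expand_exists("Alice@example.com"))
    print(flag_enumeration(SAMPLE_LOG))
```

A receiving mail server that is being sent forged mail will also produce NXDOMAIN lookups through its resolver, so the threshold has to be tuned against normal traffic for the domain.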