-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of David
MacQuigg
Sent: Tuesday, March 22, 2005 11:08 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Re: DNS load research
The burden will be on the receiver, not as someone suggested earlier, on
the providers of costly SPF records. (Try to think like a
spammer.) There
will be no incentive for these providers to clean up their SPF
records. The more I think about this, the more I'm coming to the
conclusion that we need to shift the burden OFF the receiver and onto the
sender, who has an incentive to make sure his mail gets through.
I will have to disagree with you here...
There are three parties involved. In some cases, two of them are the same.
1. E-mail sender
2. DNS provider for domain used by (or included in) the sender
3. Receiver
In your spammer scenario, the spammer is #1 and he uses expensive records to
try and DOS #3.
The point I think you missed is that #2 also gets hit by this type of
attack. #2 is the one that created the expensive SPF record. #3 can't get
hit with more DNS queries than #2 sets up in the record. Now there may be
more than one #2 invovled, so the impact will be less, but there is an
overall balance between the load imposed on the receiver and the sum of the
DNS used or included by the domain of the sender.
Scott Kitterman