-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Radu,
You had some really good points wrt the whole DNS query loading, but I
am really not following your logic here.
ASSUMING you bother to check HELO as well as MAIL FROM with SPF, it
gives you two chances to reject instead of just one. Any result that
does not result in a reject leaves you with an e-mail message to
deliver.
Your horrible examples are a pretty good description of the SOBER trojan
making its way about the net RIGHT NOW, and our DNS servers aren't
melting down from the load of all these bogus queries. In fact, if
I could REJECT each of those messages at SMTP time instead of having my
attachment rule pick them off, I would be saving a great deal of
bandwidth by having never received them in the first place.
Yes, DNS load is a consideration, and so are other issues, but they have
to be weighted against the other considerations.
100 DNS queries is still less traffic than a typical spam message.
It is _much_ less than a typical e-mail worm/trojan.
Be cautious that in lightening your load for a long trip, that you don't
leave your canteen behind. Water is heavy after all.
- --
Daniel Taylor VP Operations Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com http://www.vocalabs.com/
(952)941-6580x203
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCe70z8/QSptFdBtURAurBAJ9o9SQiDfgd5GxNsNrBzoQ85zgL9QCeKx6b
wNsuidEK1FwDtiuptRr/ffA=
=gQGP
-----END PGP SIGNATURE-----