Skip site navigation (1) Skip section navigation (2)

Re: [CORE] SPF Record ...

From: Andrew Sullivan <ajs(at)crankycanuck(dot)ca>
To: pgsql-www(at)postgresql(dot)org
Subject: Re: [CORE] SPF Record ...
Date: 2006-11-19 14:26:34
Message-ID: 20061119142634.GC26583@phlogiston.dyndns.org (view raw or flat)
Thread:
Lists: pgsql-www
On Fri, Nov 17, 2006 at 09:33:52PM -0400, Marc G. Fournier wrote:
> > client end_.  So they don't affect you, but they cause a lot of
> > processing by someone else.
> 
> But isn't that only if the receiving end has implemented an SPF policy?  SPF 
> records aren't even checked if postfix (or the other MTAs) are configured to 
> check for it ... no?

That's the point.  If Doug Otis is right, by _you implementing_ SPF,
you become the potential source for a large-multiple amplification
DoS attack, on someone who is checking SPF.  If your response is,
"Well, they shouldn't check SPF then," my question is then, "So why
put the record in DNS?"

In any case, SPF is _experimental_.  Experimental protocols are
released that way because there is significant suggestion in the
community that the protocol might actually be harmful to the
Internet.  

> 'lack of a clue' seems to be a bad reason to not use SPF, no?  

No.  The DNS is a distributed database used by everyone on the
Internet, the users of which you don't even know and cannot be sure
you can learn about.  If there is any place at all to be conservative
in what you send, it's the DNS.

A

-- 
Andrew Sullivan  | ajs(at)crankycanuck(dot)ca
If they don't do anything, we don't need their acronym.
		--Josh Hamilton, on the US FEMA

In response to

pgsql-www by date

Next:From: Andrew SullivanDate: 2006-11-19 14:28:20
Subject: Re: [CORE] SPF Record ...
Previous:From: Andrew SullivanDate: 2006-11-19 14:22:03
Subject: Re: SPF Record ...

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group