From: | "Dan Langille" <dan(at)langille(dot)org> |
---|---|
To: | "Marc G(dot) Fournier" <scrappy(at)hub(dot)org> |
Cc: | pgsql-www(at)postgresql(dot)org |
Subject: | Re: [CORE] SPF Record ... |
Date: | 2006-11-18 13:05:36 |
Message-ID: | 455EBED0.31862.6912E81@dan.langille.org |
Lists: | pgsql-www |

On 17 Nov 2006 at 21:33, Marc G. Fournier wrote:
>
>
> --On Friday, November 17, 2006 07:05:24 -0500 Andrew Sullivan
> <ajs(at)crankycanuck(dot)ca> wrote:
>
> > On Fri, Nov 17, 2006 at 01:15:35AM -0500, Tom Lane wrote:
> >>
> >> +1 on the idea, but am willing to listen to objections...
> >
> > Well, the objection is basically that SPF records are possibly a
> > vector for large-scale DoS amplification attacks _on the receiving
> > client end_. So they don't affect you, but they cause a lot of
> > processing by someone else.
>
> But isn't that only if the receiving end has implemented an SPF policy? SPF
> records aren't even checked if postfix (or the other MTAs) are configured to
> check for it ... no?

Correct.

> > In any case, though, SPF records are considerably larger than
> > traditional DNS responses, which means much of the time everyone is
> > falling back to TCP. Since a number of non-clueful DNS operators
> > think you can block TCP on port 53, it's also a potential way to
> > prevent communication.
>
> 'lack of a clue' seems to be a bad reason to not use SPF, no? And, please note
> that I wasn't suggesting *we* check SPF, only that we provide an SPF record in
> our DNS for those that do check it ...

Noted. That is what was proposed.

--
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php
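
The two objections quoted in this message (lookup work pushed onto the receiving side, and responses too large for UDP) can be checked before an SPF record is published; the following Python example is added here and is not from the thread or the PostgreSQL project. It assumes the classic 512-byte UDP limit without EDNS0 and the limit of 10 DNS-querying terms from the SPF specification; `example.org` and both sample records are constructed.

```python
import struct

UDP_LIMIT = 512     # DNS-over-UDP payload limit without EDNS0 (RFC 1035)
LOOKUP_LIMIT = 10   # max DNS-querying terms per SPF evaluation (RFC 4408, RFC 7208)
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def encode_name(name):
    """Encode a domain name as DNS wire-format labels."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def txt_response_size(domain, txt):
    """Lower bound on the response size: header, question, one TXT answer."""
    data = txt.encode("ascii")
    # TXT RDATA is a series of character-strings: 1 length byte + up to 255 bytes.
    chunks = [data[i:i + 255] for i in range(0, len(data), 255)] or [b""]
    rdata = b"".join(bytes([len(c)]) + c for c in chunks)
    header = struct.pack("!6H", 0, 0x8180, 1, 1, 0, 0)
    question = encode_name(domain) + struct.pack("!2H", 16, 1)  # TXT, IN
    # Owner name in the answer is a 2-byte compression pointer to the question.
    answer = b"\xc0\x0c" + struct.pack("!2HIH", 16, 1, 3600, len(rdata)) + rdata
    return len(header) + len(question) + len(answer)

def lookup_terms(txt):
    """Count mechanisms and modifiers that make the receiver issue DNS queries."""
    count = 0
    for term in txt.split()[1:]:            # skip the "v=spf1" version tag
        name = term.lstrip("+-~?").lower()
        for sep in (":", "=", "/"):
            name = name.split(sep, 1)[0]
        count += name in LOOKUP_TERMS
    return count

def check(domain, txt):
    size, n = txt_response_size(domain, txt), lookup_terms(txt)
    return {"size": size, "fits_udp": size <= UDP_LIMIT,
            "lookups": n, "within_lookup_limit": n <= LOOKUP_LIMIT}

# Constructed sample records (documentation domains and address ranges).
SMALL = "v=spf1 mx ip4:192.0.2.0/24 -all"
LARGE = ("v=spf1 "
         + " ".join(f"include:_spf{i}.example.net" for i in range(12)) + " "
         + " ".join(f"ip4:198.51.100.{i}" for i in range(20)) + " -all")

if __name__ == "__main__":
    for label, record in (("small", SMALL), ("large", LARGE)):
        print(label, check("example.org", record))
```

The size is a lower bound: other TXT records at the same name, or authority and additional sections, make the real response larger.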