[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Trouble with Sender Authentication

To: wayne <wayne@xxxxxxxxxxx>
Subject: Re: Trouble with Sender Authentication
From: Douglas Otis <dotis@xxxxxxxxxxxxxx>
Date: Mon, 6 Nov 2006 17:22:05 -0800
Cc: IETF MARID WG <ietf-mxcomp@xxxxxxx>
In-reply-to: <x4ac34dybu.fsf@xxxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-mxcomp/mail-archive/>
List-id: <ietf-mxcomp.imc.org>
List-unsubscribe: <mailto:ietf-mxcomp-request@imc.org?body=unsubscribe>
References: <200611021612.13627.ietf-mxcomp.lists@xxxxxxxxxxxxx> <58CA41E0-1708-41A8-BE6B-7EBB343479A9@xxxxxxxxxxxxxx> <x4zmb9fg2s.fsf@xxxxxxxxxxxxxxxxxxxx> <CA634898-FCE8-4787-B860-669C685272D0@xxxxxxxxxxxxxx> <x4ac34dybu.fsf@xxxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-mxcomp@xxxxxxxxxxxx



On Nov 6, 2006, at 2:06 PM, wayne wrote:

In <CA634898-FCE8-4787-B860-669C685272D0@xxxxxxxxxxxxxx> DouglasOtis <dotis@xxxxxxxxxxxxxx> writes:
Review the archive and you'll find a posting of the agreementinitially required before subscribing to spf-discuss. While itmay have changed, this was the reason for not participating onthat list. The MARID list is still functional.
Yes, I saw your post. People pointed out to you that you werewrong back then, and you are still wrong today.
Constructive critisism is on-topic for the spf-discuss list. So isthe promotion of SPF. I have removed the suggestion that if youthink SPF is fundementally flawed that you should come here instead.

It seems this suggestion is still remembered, judging by advice givenK.J. There is not much point arguing about which list. Somethingother than SPF must be considered as a solution. Promotion of SPFeffectively thwarts any consideration of alternatives on spf-discuss. : (

It wasn't until your -01 version of your draft that you actuallypresented hard data in your Appendix A. Your data doesn't backup your 1000x claims.
45 pages in the addendum trace SPF resolving a single name atabout 64:1 increase in traffic.
Nice to see that you agree that your data doesn't back up yourclaims, but even your 64:1 number is bogus.

How so? The number assumes a local DNS resolver is seeded withattacking SPF script and MX records. The same SPF script can uselocal-part macros to generate any number of attack queries. The MXrecords can repeat following a negative caching interval. The 64:1gain is based upon the email itself and just _one_ instance of SPFbeing executed. The message overhead likely represents spam thatwould have been sent anyway. The entire SPF related trafficrepresents a gift given an attacker by those executing SPF script. : (

The higher gains noted recognize compromised systems might utilize aprovider's SMTP server. The message can include a number ofrecipients as yet another multiplier. In addition, each messagemight be assessed at multiple locations. Each instance represents amultiplier of network network traffic generated by SPF script. Just8 recipients evaluated at the MTA and MUA reach the gain of 1000:1.The local-part macro also facilitates canvassing recipients that makeuse of SPF, and those that do so twice. : (


-Doug

Follow-Ups:
- Re: Trouble with Sender Authentication
  - From: Frank Ellermann

References:
- Trouble with Sender Authentication
  - From: K.J. Petrie
- Re: Trouble with Sender Authentication
  - From: Douglas Otis
- Re: Trouble with Sender Authentication
  - From: wayne
- Re: Trouble with Sender Authentication
  - From: Douglas Otis
- Re: Trouble with Sender Authentication
  - From: wayne

Prev by Date: Re: Trouble with Sender Authentication
Next by Date: Re: Trouble with Sender Authentication
Previous by thread: Re: Trouble with Sender Authentication
Next by thread: Re: Trouble with Sender Authentication
Index(es):
- Date
- Thread