
Re: Trouble with Sender Authentication





On Nov 7, 2006, at 4:27 PM, Julian Mehnle wrote:

The problem with your analysis, Doug, is that (1) it attributes several attack vectors to SPF which are really orthogonal, like SMTP's multi-recipient feature or the use of many compromised systems for sending mail, and (2) with a high probability it overrates both the negative effects (like the victim/attacker traffic ratio) of an attack staged as described, and the net incentive for doing so in the first place.

Execution of SPF script is not orthogonal to SMTP's current use (or abuse). An SPF script exploit requiring little (if any) resources of the attacker offers an incentive. Difficult forensics offers an incentive. Acceptance of responsibility and subsequent changes to infrastructure require time. The delay for an effective response offers an incentive. These incentives and risks grow as SPF script execution increases. Protection necessitates the general removal of the related scripts. Malicious script detection at each DNS is not reasonable.

-Doug