Douglas Otis wrote:

> Ten or eleven SPF records can be chained, where each set may contain
> 10 mechanisms

10 chained records => 10 "include" or "redirect" => limit of 10 reached. The next contained mechanism - anything more elaborate than an "ip4", "ip6", or "all" - results in a PermError.

> each mechanism may then invoke up to 10 additional DNS transactions

The two mechanisms doing that are "ptr" and "mx", and "ptr" depends on the IP of the SMTP client. That leaves "mx" as the only mechanism for this consideration.

> Each name resolved using SPF may target a victim not seen anywhere
> within the message with 100 DNS transactions.

The attacker can construct a policy with 10 "mx" mechanisms, with 10 fabricated names per MX in the attacked domain. The attacker won't send the IPs of those names in the q=mx reply by his name server, so that results in 100 queries to the name server of the attacked domain. After that the SMTP server in question has these 100 answers cached.

Frank

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
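Added illustration (not from the thread or any SPF implementation) of the accounting Frank describes: a toy evaluator for the "mx"/"all" subset of SPF that enforces the RFC 4408 per-mechanism limits and, as the mitigation, the RFC 7208 "void lookup" cap, run against a constructed zone shaped like the 10-mx policy above. The evaluator, the in-memory resolver and the names attacker.example / victim.example are assumptions of the example.

```python
MAX_DNS_MECHS = 10    # RFC 4408 10.1: DNS-querying mechanisms allowed per check
MAX_MX_HOSTS = 10     # RFC 4408 10.1: address lookups allowed per "mx" mechanism
MAX_VOID_LOOKUPS = 2  # RFC 7208 4.6.4: empty/NXDOMAIN answers allowed per check

class CountingResolver:
    """Constructed in-memory DNS: zone maps (name, rrtype) -> answers; logs each query."""
    def __init__(self, zone):
        self.zone, self.queries = zone, []
    def query(self, name, rrtype):
        self.queries.append((name, rrtype))
        return self.zone.get((name, rrtype), [])

def check_host(resolver, domain, client_ip, void_limit=MAX_VOID_LOOKUPS):
    """Evaluate the mx/all subset of SPF for client_ip; "PermError" once a limit is hit."""
    terms = resolver.query(domain, "TXT")[0].split()[1:]  # drop the "v=spf1" tag
    dns_mechs = voids = 0
    for term in terms:
        qual = term[0] if term[0] in "+-~?" else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            return qual
        if name != "mx":
            return "PermError"  # toy evaluator: only "mx" and "all" are implemented
        if (dns_mechs := dns_mechs + 1) > MAX_DNS_MECHS:
            return "PermError"  # the 10-mechanism limit Frank's first point refers to
        hosts = resolver.query(arg or domain, "MX")
        if len(hosts) > MAX_MX_HOSTS:
            return "PermError"  # one "mx" may not cost more than 10 address lookups
        for host in hosts:
            addrs = resolver.query(host, "A")
            if not addrs:  # void lookup: what every fabricated MX target produces
                if (voids := voids + 1) > void_limit:
                    return "PermError"
            elif client_ip in addrs:
                return qual
    return "?"  # nothing matched: neutral

def attack_zone():
    """Constructed policy from the post: 10 "mx" terms, each MX answer naming 10 hosts under victim.example that have no address records."""
    spf = "v=spf1 " + " ".join(f"mx:m{i}.attacker.example" for i in range(10)) + " -all"
    zone = {("attacker.example", "TXT"): [spf]}
    for i in range(10):
        zone[(f"m{i}.attacker.example", "MX")] = [f"h{j}.m{i}.victim.example" for j in range(10)]
    return zone

def victim_queries(void_limit=MAX_VOID_LOOKUPS):
    """Return (SPF result, number of queries that reached victim.example)."""
    r = CountingResolver(attack_zone())
    result = check_host(r, "attacker.example", "192.0.2.1", void_limit)
    return result, sum(n.endswith("victim.example") for n, _ in r.queries)
```

With only the RFC 4408 limits (pass a large void limit) the policy is legal and costs the victim's name server 100 queries; with the RFC 7208 cap of two void lookups the check aborts with PermError after the third.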
