> > > How is this attack avoided? > > > > Sounds like the attack is inherent in SPF. In that case, > > how did the thread about dns providers and rfc compliance morph into SPF > and spam discussions?
Ask Doug Otis. He stated that SPF sets the stage for DDoS attacks against DNS servers. Presumably he said this because it points to another *COST* of DDoS that could be used as a business justification to implement BCP38. Or you could look at it as a weakness of SPF that should be used as a justification for discouraging its use. After all if we discourage botnets because they are DDoS enablers, shouldn't we discourage other DDoS enablers like SPF? --Michael Dillon