SPF. reverse lookups. It's the "How many half-baked ideas can we fit into a single thread?" contest, again.
Jonathan de Boyne Pollard
J.deBoynePollard at Tesco.NET
Wed Dec 1 12:42:33 UTC 2004
L> What am I missing?
You are missing years of discussion where it has been pointed out, time
and again, that reverse lookups aren't a security or a validation
mechanism, that reverse lookup relies upon attacker-supplied data, that
reverse lookups are not the inverses of forward lookups, and that
SMTP-based Internet mail is a store-and-forward system where any
particular SMTP Relay client is not necessarily the actual origin of a
message.
<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-avoid-double-reverse.html>
<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/smtp-spf-is-harmful.html>
SPF and reverse lookup validation have been discussed in a lot of fora
many times over a long time, and eventually most reasonable and
intelligent people reach the same conclusions. Google is your friend.
Search and read.
More information about the bind-users
mailing list