On Fri, 27 Oct 2006, Douglas Otis wrote:
As Steve already pointed out, BCP38 is not a complete solution. Not only does SPF prevent the source of a Botnet attack from being detected, it also enables significantly greater amplification than might be achieved with a spoofed source DNS reflective attack. In addition, the Botnet resources are not wasted, as their spam is still being delivered. This aspect alone dangerously changes the costs related to such attacks. It seems wholly imprudent not to consider SPF in the same discussion.
-Doug
Doug, I wonder, HOW do you intend / do track down the source of a botnet attack? I know how I and others do it. There are three approaches which fork everywhere on an expression tree. If you believe SPF prevents you from doing it, can you elaborate how?