* Douglas Otis:
Spam being sent through Bot farms has already set the stage for untraceable DNS attacks based upon SPF. In addition to taking out major interconnects, these attacks can:
a) inundate authoritative DNS;
b) requests A records from anywhere;
c) probe IP address, port, and the transaction IDs of resolvers;
(b) and (c) are not new developments because lots of MTAs already perform A lookups on HELO arguments, and MX lookups on sender domains.
While not as bad as eavesdropping, it still places the network and the integrity of DNS at risk. All of this while the spam is still being delivered. What a productivity tool!
The purpose of SPF, as it is deployed, is to facilitate routing solicited bulk email around spam filters. Look at email.bn.com/IN/TXT to get the idea. This application requires some of the indirection features offered by SPF.