On Wed, Feb 24, 2010 at 8:21 AM, Rich Kulawiec <rsk@gsp.org> wrote:
On Sun, Feb 21, 2010 at 10:59:08PM -0600, James Hess wrote:
But if the origin domain has not provided SPF records, there are some unusual cases left open, where a bounce to a potentially fake address may still be required.
Nothing stops an attacker from using a throwaway domain to send traffic to known backscatterers, who will then backscatter it to $throwawaydomain, whose MX's are set to $victim's MX's.
So? You, I and everyone else these days are no longer running open relays. You don't host $throwawaydomain so the session will end at the rcpt command. If someone merely wants to DDOS your server there are far easier ways. Regards, Bill Herrin
it's never appropriate to respond to abuse with abuse.
---Rsk
-- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004