||Handicapping New DNS Extensions and Applications|
|Subject:||Reason not to use SPF|
What remains overlooked by SPF proponents is that although there is a limit of 10 SPF mechanisms, each mechanism may invoke 10 queries targeting a victim for a total of 100 transactions per name resolved. In addition, the local-part macro can be employed to randomize subsequent queries where none of the spammers resources are then consumed. This means any and all such traffic represents an infinite gain DNS amplification attack.
Hear us Roar