Handicapping New DNS Extensions and Applications
Subject:   Reason not to use SPF
Date:   2007-04-25 15:24:00
From:   Doug_Otis

What remains overlooked by SPF proponents is that although there is a limit of 10 SPF mechanisms, each mechanism may invoke 10 queries targeting a victim for a total of 100 transactions per name resolved. In addition, the local-part macro can be employed to randomize subsequent queries where none of the spammer's resources are then consumed. This means any and all such traffic represents an infinite gain DNS amplification attack.

SPF libraries represent a new and growing hazard.
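An added example, not part of the comment above: a receiver-side audit of a single SPF record that counts the terms which trigger DNS queries, bounds the follow-up queries they can cause, and flags local-part macros. The function name `audit_spf`, the constants and the sample record are constructed for illustration; the limits are those of RFC 7208 section 4.6.4, and `include`/`redirect` targets are not followed, so the counts cover this record only.

```python
import re

# Terms that make an SPF evaluator issue DNS queries (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUP_TERMS = 10    # cap on such terms per evaluation
MAX_NAMES_PER_TERM = 10  # cap on names followed up for one mx or ptr term

# %{l...} expands to the local-part of the sender address, so the queried
# name changes with every message and is never answered from cache.
LOCAL_PART_MACRO = re.compile(r"%\{[lL]")


def audit_spf(record):
    """Audit one SPF record string without performing any DNS lookups."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")

    lookup_terms, macro_terms, followup_bound = [], [], 0
    for term in terms[1:]:
        body = term.lstrip("+-~?")  # drop the qualifier
        name = re.split(r"[:=/]", body, maxsplit=1)[0].lower()
        if name in LOOKUP_TERMS:
            lookup_terms.append(term)
            # mx and ptr answers can each fan out to 10 further names.
            followup_bound += MAX_NAMES_PER_TERM if name in ("mx", "ptr") else 1
        if LOCAL_PART_MACRO.search(term):
            macro_terms.append(term)

    return {
        "lookup_terms": lookup_terms,
        "over_limit": len(lookup_terms) > MAX_LOOKUP_TERMS,
        "followup_query_bound": followup_bound,
        "local_part_macro_terms": macro_terms,
    }


# Constructed sample record (example.test is a reserved test domain).
SAMPLE = ("v=spf1 mx a:mail.example.test include:_spf.example.test "
          "exists:%{l}.u.example.test ip4:192.0.2.0/24 -all")

if __name__ == "__main__":
    for key, value in audit_spf(SAMPLE).items():
        print(f"{key}: {value}")
```

A record made of ten `mx` terms yields a follow-up bound of 100, the figure given in the comment.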