On Fri, 27 Oct 2006, Douglas Otis wrote: > As Steve already pointed out, BCP38 is not a complete solution. Not > only does SPF prevent the source of a Botnet attack from being > detected, it also enables significantly greater amplification than > might be achieved with a spoofed source DNS reflective attack. In > addition, the Botnet resources are not wasted, as their spam is still > being delivered. This aspect alone dangerously changes the costs > related to such attacks. It seems wholly imprudent not to consider > SPF in the same discussion. > > -Doug Doug, I wonder, HOW do you intend / do track down the source of a botnet attack? I know how I and others do it. There are three approaches which fork everywhere on an expression tree. If you believe SPF prevents you from doing it, can you elaborate how?