SpfAlias2 - Random SPF (TXT) Aliases (Variant 2)
This module is designed to generate DNS responses with SPF (Sender Policy Framework) records that contain random aliases. The SPF protocol is used for authorizing domains during email communication.
This variant can produce multiple SPF entries contained within one or more TXT records. In this case, each SPF entry contains multiple include: parameters with randomly generated domain names (aliases). These aliases are in the format spfalias2#####.yourdomain.com where ##### represents a random number.
The idea is that if the client/resolver decides to resolve this further, it will result in the generation of yet another alias, theoretically leading to the resolution of an infinite chain of random aliases. In practice, however, most modern resolvers will terminate the resolution after encountering several consecutive alias records.
Category: Aliases
Tags: Amplification, Domain Lock-Up, Denial of Service
Format
spfalias2.<NUMBER>.yourdomain.com
Where:
- The <NUMBER> parameter defines how many aliases should be generated in the response. Note that the number of aliases is limited by the maximum TXT label size of 255 bytes. If the specified number of aliases cannot fit within a single TXT record, multiple TXT records will be dynamically produced to accommodate all aliases.
Examples
By default, the module returns a single SPF alias:
# dig spfalias2.yourdomain.com @127.0.0.1
; <<>> DiG 9.18.10-2-Debian <<>> spfalias2.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40902
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;spfalias2.yourdomain.com. IN A
;; ANSWER SECTION:
spfalias2.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias221021.yourdomain.com ~all"
;; Query time: 8 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Oct 16 15:04:10 +04 2024
;; MSG SIZE rcvd: 104
Same example as above, but this time we explicitly specify that we want to receive a single SPF record:
# dig spfalias2.1.yourdomain.com @127.0.0.1
; <<>> DiG 9.18.10-2-Debian <<>> spfalias2.1.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50568
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;spfalias2.1.yourdomain.com. IN A
;; ANSWER SECTION:
spfalias2.1.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias26976.1.yourdomain.com ~all"
;; Query time: 8 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Oct 16 15:04:11 +04 2024
;; MSG SIZE rcvd: 107
In this case, we specify that we want to receive 11 (eleven) SPF aliases. These aliases will be fitted within the necessary number of TXT records as required:
# dig spfalias2.11.yourdomain.com @127.0.0.1
; <<>> DiG 9.18.10-2-Debian <<>> spfalias2.11.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43201
;; flags: qr aa; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;spfalias2.11.yourdomain.com. IN A
;; ANSWER SECTION:
spfalias2.11.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias240144.11.yourdomain.com include:spfalias265182.11.yourdomain.com include:spfalias245219.11.yourdomain.com include:spfalias247661.11.yourdomain.com include:spfalias243649.11.yourdomain.com ~all"
spfalias2.11.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias265611.11.yourdomain.com include:spfalias260064.11.yourdomain.com include:spfalias294134.11.yourdomain.com include:spfalias243027.11.yourdomain.com include:spfalias227584.11.yourdomain.com ~all"
spfalias2.11.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias271689.11.yourdomain.com ~all"
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Oct 16 15:04:13 +04 2024
;; MSG SIZE rcvd: 568
We can see that those 11 SPF aliases fit into 3 TXT records.
Here we can see that resolving any of the generated aliases leads to more aliases, potentially causing an infinite recursion:
# dig spfalias23456.11.yourdomain.com @127.0.0.1
; <<>> DiG 9.18.10-2-Debian <<>> spfalias23456.11.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30113
;; flags: qr aa; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;spfalias23456.11.yourdomain.com. IN A
;; ANSWER SECTION:
spfalias23456.11.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias252660.11.yourdomain.com include:spfalias295653.11.yourdomain.com include:spfalias285139.11.yourdomain.com include:spfalias298979.11.yourdomain.com include:spfalias23210.11.yourdomain.com ~all"
spfalias23456.11.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias219008.11.yourdomain.com include:spfalias240717.11.yourdomain.com include:spfalias284035.11.yourdomain.com include:spfalias270037.11.yourdomain.com include:spfalias242255.11.yourdomain.com ~all"
spfalias23456.11.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias224682.11.yourdomain.com ~all"
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Oct 16 15:57:37 +04 2024
;; MSG SIZE rcvd: 571
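How a receiving SPF checker keeps this chain bounded, as an added example that is not part of the module or its documentation: RFC 7208 treats more than one v=spf1 record for a name as a permanent error (section 4.5) and caps DNS-querying terms at 10 per check (section 4.6.4). The emulated_txt responder and the evaluate function are hypothetical stand-ins modelled on the output shown above, so the example runs offline.

```python
import random
import re

MAX_LOOKUPS = 10  # RFC 7208 4.6.4: limit on DNS-querying terms per check

def emulated_txt(name, rng):
    """Constructed stand-in for the module (not its real code): N random
    include: aliases packed into TXT strings of at most 255 bytes."""
    m = re.match(r"spfalias2\d*\.(?:(\d+)\.)?yourdomain\.com$", name)
    count = int(m.group(1) or 1)
    suffix = name[name.index("."):]          # keeps ".<N>.yourdomain.com"
    records, current = [], "v=spf1"
    for _ in range(count):
        term = f" include:spfalias2{rng.randint(1, 99999)}{suffix}"
        if len(current + term + " ~all") > 255:
            records.append(current + " ~all")
            current = "v=spf1"
        current += term
    return records + [current + " ~all"]

def evaluate(domain, lookup):
    """Follow include: terms the way a bounded SPF checker would.
    Returns (verdict, number_of_TXT_queries_sent)."""
    sent, include_terms, pending = 0, 0, [domain]
    while pending:
        spf = [r for r in lookup(pending.pop()) if r.startswith("v=spf1 ")]
        sent += 1
        if len(spf) > 1:                     # RFC 7208 4.5: more than one record
            return "permerror: multiple SPF records", sent
        for term in (spf[0].split()[1:] if spf else []):
            if term.startswith("include:"):
                include_terms += 1
                if include_terms > MAX_LOOKUPS:
                    return "permerror: DNS lookup limit", sent
                pending.append(term[len("include:"):])
    return "no match", sent

if __name__ == "__main__":
    rng = random.Random()
    lookup = lambda name: emulated_txt(name, rng)
    print(evaluate("spfalias2.yourdomain.com", lookup))     # one alias per reply
    print(evaluate("spfalias2.11.yourdomain.com", lookup))  # several TXT records
```

With one alias per response the checker stops after the initial query plus ten include lookups; with 11 aliases the first response already carries several v=spf1 records and evaluation ends after a single query. A checker that lacks either limit is the one this module is meant to expose.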
From the same category
- Alias - Random Aliases
- CnAlias - Random CNAME Aliases
- DnAlias - Random DNAME Aliases
- HtAlias - Random HTTPS Aliases
- MxAlias - Random MX Aliases
- NptEnumAlias - Random NAPTR ENUM Aliases
- NsAlias - Random NS Aliases
- PtrAlias - Random PTR Aliases
- SpfAlias1 - Random SPF (TXT) Aliases (Variant 1)
- SrAlias - Random SRV Aliases
- SvAlias - Random SVCB Aliases