This document recommends ways to reduce the forged-origin hijack attack surface by prudently limiting the set of IP prefixes that are