What *are* they smoking?
Chris Adams
cmadams at hiwaay.net
Mon Sep 15 23:54:00 UTC 2003
Once upon a time, Christopher X. Candreva <chris at westnet.com> said:
> This also blows away the whole idea of rejecting mail from non-existent
> domains -- never mind all the bounces to these non-existent domains when the
> spammers get ahold of them. Boy, I hope they have a good mail server
> responding with the 550 on that IP !
>
> At the least we need a way for MTA's to reject mail from domains that
> resolve to this nonsense. Having bind put NXDOMAIN back would be a plus.

I see a few ways to distinguish the responses at the moment (without
hard-coding the IP address or reverse DNS for that IP):
- the TTL on the bogusdomain.net responses is 15M instead of 2D
- on bogusdomain.net responses, the ADDITIONAL and AUTHORITY records all
point to gtld-servers.net servers, while normal requests get records
pointing somewhere else
- there are no NS records for bogusdomain.net
None of these help MTAs today.
For sendmail, you could do something with the dns map to look for NS
records for something.net when you get @blah.something.net. However, it
means one more DNS lookup for everything ending in .com or .net.
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
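
The three distinguishing signs listed in the message above, applied to already-parsed DNS responses. This is an added example, not part of the original post; the DnsAnswer container, the function names, the sample records and the reject-on-no-NS policy are all assumptions made for illustration.

```python
from dataclasses import dataclass

WILDCARD_TTL = 15 * 60                  # "15M" from the post, in seconds
REGISTRY_SUFFIX = ".gtld-servers.net"   # server names mentioned in the post

@dataclass
class DnsAnswer:        # hypothetical container for an already-parsed response
    qname: str
    ttl: int            # TTL of the answer record, in seconds
    authority: list     # NS targets from the AUTHORITY section
    additional: list    # owner names from the ADDITIONAL section
    zone_ns: list       # NS records found for the registered domain

def registered_domain(name):
    """blah.something.net -> something.net (two-label rule, .com/.net only)."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) < 2 or labels[-1] not in ("com", "net"):
        raise ValueError("only .com/.net names are in scope: %r" % name)
    return ".".join(labels[-2:])

def _all_registry(names):
    cleaned = [n.rstrip(".").lower() for n in names]
    return bool(cleaned) and all(n.endswith(REGISTRY_SUFFIX) for n in cleaned)

def wildcard_signals(ans):
    """Return which of the three signs from the post are present."""
    signals = []
    # A cached answer for a real domain can also count down below 15M,
    # so the TTL sign is corroboration only.
    if ans.ttl <= WILDCARD_TTL:
        signals.append("ttl")
    if _all_registry(ans.authority) and _all_registry(ans.additional):
        signals.append("registry-sections")
    if not ans.zone_ns:
        signals.append("no-ns")
    return signals

def should_reject_sender(ans):
    """Policy assumed here: reject only when the domain has no NS records."""
    return "no-ns" in wildcard_signals(ans)

# Constructed sample responses, not captured traffic.
GTLD = ["a.gtld-servers.net.", "b.gtld-servers.net."]
REAL = ["ns1.something.net.", "ns2.something.net."]
BOGUS = DnsAnswer("mail.bogusdomain.net", 900, GTLD, GTLD, [])
NORMAL = DnsAnswer("blah.something.net", 172800, REAL, REAL, REAL)

if __name__ == "__main__":
    for a in (BOGUS, NORMAL):
        print(registered_domain(a.qname), wildcard_signals(a), should_reject_sender(a))
```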