DNS question, null MX records

Paul Vixie vixie at isc.org
Wed Dec 16 23:36:01 CST 2009


Douglas Otis <dotis at mail-abuse.org> writes:

> Agreed. But it will impact providers generating a large amount of bounce
> traffic, and some portion of spam sources that often start at lower
> priority MX records in an attempt to find backup servers without valid
> recipient information.  In either case, this will not cause extraneous
> traffic to hit roots or ARPA.

if you're just trying to stop blowback from forged-source spam, and not
trying to stop the spam itself, then some mechanism like an unreachable
MX does seem called for.  note that those approaches will cause queuing
on the blowerbackers, rather than outright reject/die.  other approaches
that could cause outright reject/die would likely direct the blowback to
the blowback postmasters, who are as innocent as the spam victims.  i'm
not sure there's a right way to do this in current SMTP.  i used to think
we could offer to verify that a piece of e-mail had come from us using
some kind of semi-opaque H(message-id) scheme, but in studying it i
found that as usual with spam the economic incentives are all backwards.
-- 
Paul Vixie
KI6YSY




More information about the NANOG mailing list