do you use SPF TXT RRs? (RFC4408)

Suresh Ramasubramanian ops.lists at
Mon Oct 4 16:05:12 CDT 2010

dig NS
dig NS

etc etc ... and then check_sender_ns_access in postfix, for example.

Scales much better than whackamoling one domain after the other on the same NS

On Mon, Oct 4, 2010 at 4:59 PM,  <Valdis.Kletnieks at> wrote:
> 140 million .coms. Throw-away domains. I do believe that Marcus Ranum had
> "trying to enumerate badness" on his list of "Six stupidest security ideas".
> This won't scale as long as you have more spammers adding new domains faster
> than your NOC staff can add them to the blacklist.
> (And even centralized blacklists run by dedicated organizations haven't solved
> the problem yet, so I'm not holding my breath waiting for that to work out...)

Suresh Ramasubramanian (ops.lists at

More information about the NANOG mailing list