Blocking MX query

Mark Andrews marka at isc.org
Tue Sep 4 21:00:33 CDT 2012


In message <CAArzuost70Yq=KfXHXZSOV+ptg6apiDzm71=FhCS+Ty_yo5OAA at mail.gmail.com>, Suresh Ramasubramanian writes:
> On Wed, Sep 5, 2012 at 6:38 AM, Mark Andrews <marka at isc.org> wrote:
> >
> >         MUA's can make MX queries to validate entered addresses
> >         before SMTP/SUBMISSION is even attempted.
> >
> 
> Sure but not on this guy's network as he's transparently proxying dns
> and blocking MX requests on his proxy

Well he was looking for software to block the queries.  There is a
whole mentality that homes don't need X which on closer examination
just doesn't bear up to scrutany.  This includes blocking SMTP or
don't you think home users are entitled to have privacy when it
comes to whom they email?

STARTTLS from anywhere to anywhere is possible today and is not
vulnerable to interception except in the MX's themselves.  You can
secure the MX records (and their absense) and secure the CERTs used
by STARTTLS.

> Of course a bot can build up a rich cache of MX records from elsewhere
> and send from a botted 3g modem connected host on his network
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the NANOG mailing list