Blocking MX query

Mark Andrews marka at
Wed Sep 5 02:00:33 UTC 2012

In message <CAArzuost70Yq=KfXHXZSOV+ptg6apiDzm71=FhCS+Ty_yo5OAA at>, Suresh Ramasubramanian writes:
> On Wed, Sep 5, 2012 at 6:38 AM, Mark Andrews <marka at> wrote:
> >
> >         MUA's can make MX queries to validate entered addresses
> >         before SMTP/SUBMISSION is even attempted.
> >
> Sure but not on this guy's network as he's transparently proxying dns
> and blocking MX requests on his proxy

Well he was looking for software to block the queries.  There is a
whole mentality that homes don't need X which on closer examination
just doesn't bear up to scrutany.  This includes blocking SMTP or
don't you think home users are entitled to have privacy when it
comes to whom they email?

STARTTLS from anywhere to anywhere is possible today and is not
vulnerable to interception except in the MX's themselves.  You can
secure the MX records (and their absense) and secure the CERTs used

> Of course a bot can build up a rich cache of MX records from elsewhere
> and send from a botted 3g modem connected host on his network
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at

More information about the NANOG mailing list