What would you do about questionable domain pointing A record to your IP address?
Jack Bates
jbates at paradoxnetworks.net
Fri Feb 20 17:53:52 UTC 2015
On 2/20/2015 11:08 AM, Anne P. Mitchell, Esq. wrote:
> a) just not worry about it and keep an eye on it
If they have held the netblock for awhile and are already using the IP
Address in question, this is fine. I presume that the servers don't
actually respond for that domain (name-based web or domain based
acceptance on a mail server).
> b) publish a really tight spf record on it, so if they are somehow compromised, email appearing to come from example.com and 127.0.0.1 should be denied
You must control a domain to control its SPF. This is not an option if
they don't control the bad domain. DKIM or similar might be the more
appropriate protocol? SPF protects domains, some of the other protocols
protect the mail servers themselves.
> c) not use the IP address at all (it's part of a substantially larger block)
>
>
If it's a recently acquired netblock, then it may have a bad reputation
due to prior use. Investigating the reputation and possibly avoiding
that particular IP Address might be warranted.
Jack
More information about the NANOG
mailing list