Re: How to mark domains that do / do not wish to receive email

2008-03-27 20:03:10

On Fri, Mar 28, 2008 at 11:34:58AM +1100, Mark Andrews wrote:

On Fri, Mar 28, 2008 at 11:16:36AM +1100, Mark Andrews wrote:

      Q: how to mark a domain that does not wish to receive email?
      A: don't run SMTP.

        Which is a temporary error to SMTP.

  yup.  so what?
  you want the DNS to act as a trusted third party?
  sounds like an attack vector to me.

    So does turning off the smtp service and sending lots of
    email to that email domain.  Look at what happens when
    google, hotmail etc. temp fail all email to them because
    of some spam that came from a host without actively attempting
    to fill up the mail spools.

      turning off smtp service to a domain == NOT an email domain.
      forcing SMTP to require DNS lookups indicates that anyone
      who can hijack the DNS data can redirect your DNS lookups
      to someplace that does SMTP w/o your permission and can
      do all sorts of nastiness.
      do you want one attack vector or two?

        What's the difference between "MX 0 ." and "MX 0 badhost"?

        I don't believe codifying "MX 0 ." changes the threat level.


Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews(_at_)isc(_dot_)org
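
Added example, not part of the original message or of any mail server's code: a small model of a sending MTA's decision for the two cases contrasted in the thread, a lone "MX 0 ." versus an MX that points at a host not running SMTP ("MX 0 badhost"). It assumes a sender that treats a lone "MX 0 ." as "accepts no mail"; the zone names, the `reachable` set and all function names are constructed for illustration.

```python
from enum import Enum

class Outcome(Enum):
    DELIVER = "deliver"
    DEFER = "defer"    # temporary failure: message stays in the spool
    BOUNCE = "bounce"  # permanent failure: message leaves the spool

def is_null_mx(mx_rrset):
    """True when the RRset is exactly one MX whose exchange is the root '.'."""
    return len(mx_rrset) == 1 and mx_rrset[0][1] == "."

def plan_delivery(domain, mx_rrset, reachable):
    """Decide what the sender does with one message.

    mx_rrset  -- list of (preference, exchange) tuples as returned by DNS
    reachable -- set of host names that accept SMTP connections (constructed)
    """
    if is_null_mx(mx_rrset):
        return Outcome.BOUNCE  # assumed convention: domain takes no mail
    # No MX at all: fall back to the domain's own address record.
    targets = [host for _, host in sorted(mx_rrset)] or [domain]
    if any(host.rstrip(".") in reachable for host in targets):
        return Outcome.DELIVER
    return Outcome.DEFER       # nobody answered: keep the message and retry

def spool_after_run(messages, zones, reachable):
    """Count messages still queued after one delivery attempt each."""
    return sum(
        plan_delivery(d, zones.get(d, []), reachable) is Outcome.DEFER
        for d in messages
    )

# Constructed sample zones; none of these names come from the thread.
ZONES = {
    "nomail.example": [(0, ".")],                   # "MX 0 ."
    "badhost.example": [(0, "badhost.example.")],   # MX present, SMTP off
    "ok.example": [(10, "mx.ok.example.")],
}
REACHABLE = {"mx.ok.example"}

if __name__ == "__main__":
    flood = ["badhost.example"] * 1000 + ["nomail.example"] * 1000
    # Only the mail for the unreachable host remains in the spool.
    print(spool_after_run(flood, ZONES, REACHABLE))
```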