On Fri, Mar 28, 2008 at 11:34:58AM +1100, Mark Andrews wrote:
On Fri, Mar 28, 2008 at 11:16:36AM +1100, Mark Andrews wrote:
Q: how to mark a domain that does not wish to receive email?
A: don't run SMTP.
Which is a temporary error to SMTP.
yup. so what?
you want the DNS to act as a trusted third party?
sounds like an attack vector to me.
So does turning off the smtp service and sending lots of
email to that email domain. Look at what happens when
google, hotmail etc. temp fail all email to them because
of some spam that came from a host without actively attempting
to fill up the mail spools.
turning off smtp service to a domain == NOT an email domain.
forcing SMTP to require DNS lookups indicates that anyone
who can hijack the DNS data can redirect your DNS lookups
to someplace that does SMTP w/o your permission and can
do all sorts of nastiness.
do you want one attack vector or two?
What's the difference between "MX 0 ." and "MX 0 badhost"?
I don't believe codifying "MX 0 ." changes the threat level.
Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews(_at_)isc(_dot_)org