NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> 2000-08

Subject: Re: Incessant Bounces
From: Brad Knowles (blkskynet.be)
Date: Wed Aug 23 2000 - 12:28:06 CDT

Next message: Brad Knowles: "Re: Incessant Bounces"
Previous message: Brad Knowles: "Re: Incessant Bounces"
In reply to: Rask Ingemann Lambertsen: "Re: Incessant Bounces"
Next in thread: Rask Ingemann Lambertsen: "Re: Incessant Bounces"
Next in thread: Greg A. Woods: "Re: Incessant Bounces"
Reply: Brad Knowles: "Re: Incessant Bounces"
Reply: Rask Ingemann Lambertsen: "Re: Incessant Bounces"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 6:49 PM +0200 2000/8/23, Rask Ingemann Lambertsen wrote:

> Because a large number of sites now check for MX or A records, we will
> see an increasing number of cases like this one from a recent spam run:
>
> $ host -t MX netscap.com
> netscap.com mail is handled (pri=0) by mail.x1netscap.com
> $ host -t A mail.x1netscap.com
> Host not found.
>
> That way they evade most DNS checks, don't get any bounces and don't
> risk being dragged into court for abusing someone elses domain. I know rule
> #3 says spammers are stooopid, but there is still room for deviation.

Yup. So the next level of checks that will have to be
implemented on MTAs is to ensure that the target(s) of one or more MX
records actually resolves into one or more IP addresses, and we may
even have to take yet another step and correlate the IP addresses of
the target(s) of the MX record(s) back to the IP address of the
sender.

> I agree with that. If it's legitimate mail, bounce it now rather than
> let them wait for a week, which is completely useless. It is my experience
> so far that few postmasters watch their mail queue for signs of DNS
> problems or other easily correctable problems.

If you could be truly sure that the NXDOMAIN response you got
wasn't caused by problems in your local resolver or your local
caching nameserver, then I'd agree with you.

But you can't, so I don't.

--
   These are my opinions -- not to be taken as official Skynet policy
======================================================================
Brad Knowles, <blkskynet.be>                || Belgacom Skynet SA/NV
Systems Architect, Mail/News/FTP/Proxy Admin || Rue Colonel Bourg, 124
Phone/Fax: +32-2-706.13.11/12.49             || B-1140 Brussels
http://www.skynet.be                         || Belgium
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.

Next message: Brad Knowles: "Re: Incessant Bounces"
Previous message: Brad Knowles: "Re: Incessant Bounces"
In reply to: Rask Ingemann Lambertsen: "Re: Incessant Bounces"
Next in thread: Rask Ingemann Lambertsen: "Re: Incessant Bounces"
Next in thread: Greg A. Woods: "Re: Incessant Bounces"
Reply: Brad Knowles: "Re: Incessant Bounces"
Reply: Rask Ingemann Lambertsen: "Re: Incessant Bounces"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]