DNS: anything goes?

Jim Reid jim at rfc1035.com
Wed May 31 08:13:45 UTC 2000 

>>>>> "Kevin" == Kevin Darcy <kcd at daimlerchrysler.com> writes:

    Kevin> DNS is just a database; as long as the names stay within
    Kevin> the syntactic guidelines, they are "allowed". Blaming DNS
    Kevin> for allowing malicious MX (or whatever) records to be
    Kevin> advertised is like blaming a piece of paper because someone
    Kevin> scrawled something vulgar and/or hateful on it. If some
    Kevin> miscreant points their MX record at 127.0.0.1, then good
    Kevin> mail software should simply ignore that MX record as if it
    Kevin> never existed, since it is "obviously" bogus.

Er, no. There are circumstances - testing for instance - where it's
perfectly reasonable and valid to send mail via the loopback
interface. So if mail software singled out this address or MX records
pointing at this address for special treatment, that would be wrong
IMHO. Creating a corner case like that would also complicate the code
and mail config files. And as a general rule I think software should
do what it's told rather than second-guess possibly incorrect or
inaccurate information. [For instance if you feed garbage to the
compiler, it doesn't produce a working version of the program you
wanted to write, so why should bad data in the DNS be treated
differently?] So if the MX records for scumbag-spammer.com say deliver
mail to localhost, that's what the mail system should do. End of
story. Whether someone actually sends mail to scumbag-spammer.com or
not is another matter.

BTW you shouldn't reply to the address that the spammer advertises.
(Or says send to XXX to get yourself removed from the list.) That just
means your email address is added to yet another spam list, one that
contains current valid email addresses. This information is gold dust
to spammers. There's plenty of information about how to counter
spam. See http://www.mail-abuse.org and http://www.orbs.org. Since my
mail system adopted their anti-spam measures, I've received almost no
spam at all. But no doubt I'm tempting fate by saying that.

More information about the bind-users mailing list