Strange MX Record for altavista.com
Three Letter Acronym
tla at spiderchain.com
Wed Sep 1 23:33:43 UTC 2004
Mark Andrews wrote:
>>There is a mail system here that has mail queued for altavista.com.
>>dig reports:
>>
>>atalanta% dig altavista.com mx
>>
>> ; <<>> DiG 8.3 <<>> altavista.com mx
>> ;; res options: init recurs defnam dnsrch
>> ;; got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 0
>> ;; QUERY SECTION:
>> ;; altavista.com, type = MX, class = IN
>>
>> ;; ANSWER SECTION:
>> altavista.com. 10M IN MX 0 .
>>
[snip]
>>That is a strange MX record. When that mail system (MX Exchange)
>>tries to send the mail, it opens an SMTP port 25 connection to one of
>>my DNS servers. Is this what is supposed to happen? Thanks.
[snip]
> It's an attempt to say "don't sent mail to the domain
> altavista.com." It's a pity it is not been codified
> AFAIK.
>
> I would be teaching my MTA to treat a MX record like
> this as a indication to just bounce the mail.
>
Note that altavista.com uses SPF to declare that they don't send any
mail either...
--eli
dart at laptop ~ >> dig txt altavista.com
; <<>> DiG 9.2.3 <<>> txt altavista.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54292
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 5, ADDITIONAL: 0
;; QUESTION SECTION:
;altavista.com. IN TXT
;; ANSWER SECTION:
altavista.com. 587 IN TXT "Null SPF is for
tracking purposes only"
altavista.com. 587 IN TXT "All mail claiming to be
from altavista.com is forged"
altavista.com. 587 IN TXT "v=spf1
+exists:CL.%{i}.FR.%{s}.HE.%{h}.null.spf.altavista.com -all"
altavista.com. 587 IN TXT "This domain sends no email"
More information about the bind-users
mailing list