[120350] in North American Network Operators' Group
Re: DNS question, null MX records
daemon@ATHENA.MIT.EDU (Paul Vixie)
Thu Dec 17 00:36:49 2009
To: nanog@merit.edu
From: Paul Vixie <vixie@isc.org>
Date: Thu, 17 Dec 2009 05:36:01 +0000
In-Reply-To: <4B298750.3010208@mail-abuse.org> (Douglas Otis's message of
"Wed\, 16 Dec 2009 17\:20\:16 -0800")
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Douglas Otis <dotis@mail-abuse.org> writes:
> Agreed. But it will impact providers generating a large amount of bounce
> traffic, and some portion of spam sources that often start at lower
> priority MX records in an attempt to find backup servers without valid
> recipient information. In either case, this will not cause extraneous
> traffic to hit roots or ARPA.
if you're just trying to stop blowback from forged-source spam, and not
trying to stop the spam itself, then some mechanism like an unreachable
MX does seem called for. note that those approaches will cause queuing
on the blowerbackers, rather than outright reject/die. other approaches
that could cause outright reject/die would likely direct the blowback to
the blowback postmasters, who are as innocent as the spam victims. i'm
not sure there's a right way to do this in current SMTP. i used to think
we could offer to verify that a piece of e-mail had come from us using
some kind of semi-opaque H(message-id) scheme, but in studying it i
found that as usual with spam the economic incentives are all backwards.
--
Paul Vixie
KI6YSY
