[156044] in North American Network Operators' Group


Re: Blocking MX query

daemon@ATHENA.MIT.EDU (Mark Andrews)
Tue Sep 4 22:01:07 2012

To: Suresh Ramasubramanian <ops.lists@gmail.com>
From: Mark Andrews <marka@isc.org>
In-reply-to: Your message of "Wed, 05 Sep 2012 07:18:37 +0530."
 <CAArzuost70Yq=KfXHXZSOV+ptg6apiDzm71=FhCS+Ty_yo5OAA@mail.gmail.com>
Date: Wed, 05 Sep 2012 12:00:33 +1000
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


In message <CAArzuost70Yq=KfXHXZSOV+ptg6apiDzm71=FhCS+Ty_yo5OAA@mail.gmail.com>, Suresh Ramasubramanian writes:
> On Wed, Sep 5, 2012 at 6:38 AM, Mark Andrews <marka@isc.org> wrote:
> >
> >         MUA's can make MX queries to validate entered addresses
> >         before SMTP/SUBMISSION is even attempted.
> >
> 
> Sure but not on this guy's network as he's transparently proxying dns
> and blocking MX requests on his proxy

Well he was looking for software to block the queries.  There is a
whole mentality that homes don't need X which on closer examination
just doesn't bear up to scrutiny.  This includes blocking SMTP or
don't you think home users are entitled to have privacy when it
comes to whom they email?

STARTTLS from anywhere to anywhere is possible today and is not
vulnerable to interception except in the MX's themselves.  You can
secure the MX records (and their absence) and secure the CERTs used
by STARTTLS.

> Of course a bot can build up a rich cache of MX records from elsewhere
> and send from a botted 3g modem connected host on his network
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org

