[178225] in North American Network Operators' Group
Re: What would you do about questionable domain pointing A record to
daemon@ATHENA.MIT.EDU (Donald Eastlake)
Fri Feb 20 12:38:41 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <99269447-57E1-4B93-BC51-8BFA2D24F9AC@isipp.com>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Fri, 20 Feb 2015 12:38:17 -0500
To: "Anne P. Mitchell, Esq." <amitchell@isipp.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Hi,
On Fri, Feb 20, 2015 at 12:08 PM, Anne P. Mitchell, Esq. <amitchell@isipp.com> wrote:
> All,
>
> We have a rather strange situation (well, strange to me, at least).
>
> We have an email reputation accreditation applicant, who otherwise looks clean, however there is a very strange and somewhat concerning domain being pointed to one of the applicant's IP addresses. Let's call the domain example.com, and the IP address 127.0.0.1, for these purposes.
>
> Applicant is assigned 127.0.0.1. The rDNS correctly goes to their own domain.
>
> However, example.com (which in reality is a concerning domain name) claims 127.0.0.1 as their A record.
I don't think having an A record in the DNS is really a "claim". Let's
say I want to send mail to company.example.com but I don't like them
so much so I set up companySUCKS.foo.example.com pointing at their
mail server either through an A record or a CNAME... Then, I believe,
inside my mail, the mail could appear to be to
person@companySUCKS.foo.example.com if it wasn't blocked by some
security mechanism. Perhaps this is protected speech or, with a few
changes, a parody or something.
See Section 4.1.3 "You Can't Control What Names Point At You" in my
RFC http://tools.ietf.org/html/rfc3675
A somewhat similar thing is in Section 4.1.4.1 of that RFC where I was
on a social mailing list with an innocuous name and someone had long set
up a forwarder so that if you sent email to
cat-torturers@other.example (real left hand side, obviously not the
real right hand side), it would get sent to the social mailing list
and that address would appear in the "to:" line inside the mail.
For that particular crowd, most people thought this was pretty funny,
but it is the same sort of thing.
> Of course, example.com is registered privately, and their DNS provider is one who is...umm... "known to provide dns for domains seen in spam."
>
> As I see it, the applicant's options are:
>
> a) just not worry about it and keep an eye on it
>
> b) publish a really tight spf record on it, so if they are somehow compromised, email appearing to come from example.com and 127.0.0.1 should be denied
>
> c) not use the IP address at all (it's part of a substantially larger block)
>
> d) two or more of the above.
>
> Thoughts? What would you do?
If it isn't actually causing a problem, a) seems viable but you could
certainly do b) or c) or both if you feel like it.
Anyway, I'm not a lawyer... :-)
Donald
=============================
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
d3e3e3@gmail.com
> Thanks!
>
> Anne
>
> Anne P. Mitchell, Esq.
> CEO/President
> ISIPP SuretyMail Email Reputation, Accreditation & Certification
> Your mail system + SuretyMail accreditation = delivered to their inbox!
> http://www.SuretyMail.com/
> http://www.SuretyMail.eu/
>
> Author: Section 6 of the Federal CAN-SPAM Act of 2003
> Member, California Bar Cyberspace Law Committee
> Ret. Professor of Law, Lincoln Law School of San Jose
> 303-731-2121 | amitchell@isipp.com | @AnnePMitchell | Facebook/AnnePMitchell
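As an added example that is not part of this thread or anyone's code from it, a minimal SPF evaluator (ip4, a and all mechanisms only) run over constructed DNS data, with 192.0.2.10 standing in for the applicant's address and applicant.example for their rDNS domain. It illustrates Donald's point that an A record is not a "claim", and what option b) does and does not cover: a receiver evaluates only the MAIL FROM domain's SPF record, so the applicant's own policy is never consulted for mail claiming to be from example.com, while an `a` mechanism in example.com's record matches the applicant's IP simply because that is where its A record points.

```python
# Added example (constructed data, not from the thread): a tiny SPF evaluator
# implementing only the ip4, a and all mechanisms of RFC 7208 over an in-memory
# DNS table, to show which domain's policy actually governs a given check.
import ipaddress

# Constructed DNS data. applicant.example is the accreditation applicant's own
# domain (its rDNS name); example.com is the stranger's domain pointed at the
# applicant's IP; nospf.example does the same but publishes no SPF at all.
DNS = {
    "applicant.example": {"A": ["192.0.2.10"], "TXT": ["v=spf1 ip4:192.0.2.10 -all"]},
    "example.com":       {"A": ["192.0.2.10"], "TXT": ["v=spf1 a -all"]},
    "nospf.example":     {"A": ["192.0.2.10"], "TXT": []},
}


def spf_record(domain):
    """Return the domain's v=spf1 TXT record, or None if it publishes none."""
    txts = DNS.get(domain, {}).get("TXT", [])
    return next((t for t in txts if t.startswith("v=spf1")), None)


def check_spf(client_ip, mail_from_domain):
    """Evaluate SPF for one connecting IP and MAIL FROM domain.

    Returns pass / fail / softfail / neutral / none. Only the policy of
    mail_from_domain is consulted; the IP owner's own record is irrelevant.
    """
    record = spf_record(mail_from_domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    qualifiers = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        q = "+"                              # default qualifier is "+"
        if term[0] in qualifiers:
            q, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":                    # A record of the domain (or arg) == client IP
            target = arg or mail_from_domain
            matched = str(ip) in DNS.get(target, {}).get("A", [])
        elif name == "all":
            matched = True
        else:
            continue                         # mx, include, exists, ... are out of scope
        if matched:
            return qualifiers[q]
    return "neutral"                         # no mechanism matched (RFC 7208 default)
```

The applicant's tight record (option b) only decides checks where applicant.example is the MAIL FROM domain; for mail claiming to be from example.com, the outcome is whatever example.com's owner publishes, which is why option c) is the only one that removes the address from that picture.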