[96690] in North American Network Operators' Group


Re: Interesting new dns failures

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon May 21 16:08:23 2007

To: Roger Marquis <marquis@roble.com>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Mon, 21 May 2007 11:54:36 PDT."
             <20070521112937.U27352@ubfganzr>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 21 May 2007 16:03:17 -0400
Errors-To: owner-nanog@merit.edu


On Mon, 21 May 2007 11:54:36 PDT, Roger Marquis said:

> Are there sites that accept mail from domains without a valid MX/A
> record?

Depends what you call "valid".  A lot of sites get *real* confused when they
find out that the MX for foo.com is where foo.com's *inbound* mail servers
live, and that their *outward* facing mail servers are someplace totally
different (yes, there's *still* places that get this wrong - obviously,
not being able to talk to any of the 800-pound gorillas or even the 200-pound
dachshunds out there doesn't cause the sites to acquire kloo).

Then there's all the "valid" issues caused by "domain on MAIL FROM doesn't
match the EHLO and/or PTR lookups" that SPF and similar schemes haven't
succeeded in curing...

But in general, if a non-null MAIL FROM: arrives, and the purported domain
comes up NXDOMAIN or similar *totally* unreachable (as opposed to just hinky),
you're totally justified in either 4xx or 5xx'ing the sucker, because if you
250 it and then have to generate a bounce, you're left holding the bag.  But
again, just because it's a bad idea doesn't mean there's probably lots of places
that still do it...

Or as a co-worker who lurks here said the other day:

"212.150.245.56 resolves to 212.150.245.56.245.150.212.in-addr.arpa
And they want to know why we block it."

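Added example, not part of the message above: a sketch of the MAIL FROM check it describes, with a constructed lookup table standing in for live DNS. The function names, the sample domains, and the choice of 550 for NXDOMAIN versus 451 for a failed lookup are assumptions; the message only says 4xx or 5xx is justified.

```python
from enum import Enum

class Rcode(Enum):
    NOERROR = 0
    SERVFAIL = 2
    NXDOMAIN = 3

# Constructed data standing in for DNS: name -> (rcode, MX hosts, address records).
SAMPLE_DNS = {
    "example.org": (Rcode.NOERROR, ["mx1.example.org"], []),
    "a-only.example": (Rcode.NOERROR, [], ["192.0.2.10"]),
    "empty.example": (Rcode.NOERROR, [], []),
    "flaky.example": (Rcode.SERVFAIL, [], []),
}

def lookup(domain, dns=SAMPLE_DNS):
    """Stub resolver (hypothetical helper): unknown names answer NXDOMAIN."""
    return dns.get(domain.lower().rstrip("."), (Rcode.NXDOMAIN, [], []))

def check_mail_from(reverse_path, dns=SAMPLE_DNS):
    """Return (smtp_code, reason) for a MAIL FROM reverse-path.

    Only the sender domain's resolvability is tested. The connecting
    client is deliberately not compared with the MX hosts, because the MX
    names the inbound servers and outbound mail may leave from elsewhere.
    """
    addr = reverse_path.strip().lstrip("<").rstrip(">")
    if addr == "":
        # Null sender (bounces): nothing to resolve, so never refused here.
        return 250, "null reverse-path"
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return 501, "malformed reverse-path"
    rcode, mx, addrs = lookup(domain, dns)
    if rcode is Rcode.NXDOMAIN:
        # Accepting now would leave us holding an undeliverable bounce later.
        return 550, "sender domain does not exist"
    if rcode is Rcode.SERVFAIL:
        # Possibly transient DNS trouble: defer so a real sender can retry.
        return 451, "sender domain lookup failed, try again later"
    if not mx and not addrs:
        # Name exists but has neither MX nor address record to bounce to.
        return 550, "sender domain has no MX or A record"
    return 250, "sender domain resolvable"

if __name__ == "__main__":
    for rp in ("<>", "<u@example.org>", "<u@gone.invalid>", "<u@flaky.example>"):
        print(rp, check_mail_from(rp))
```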
