[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

you must fill your zones with TXT records

To: ietf-mxcomp@xxxxxxx
Subject: you must fill your zones with TXT records
From: Tony Finch <dot@xxxxxxxx>
Date: Tue, 10 Aug 2004 20:18:40 +0100
List-archive: <http://www.imc.org/ietf-mxcomp/mail-archive/>
List-id: <ietf-mxcomp.imc.org>
List-unsubscribe: <mailto:ietf-mxcomp-request@imc.org?body=unsubscribe>
Sender: owner-ietf-mxcomp@xxxxxxxxxxxx

Traditional remote domain verification involves checking that the domain
stated in an email address has a valid MX or A record published in the
DNS. This implies that a spammer could send email "from" any old machine
with an A record and expect it to be accepted. Sender-ID does not solve
this problem unless you publish a -all record for EVERY HOST on your
network, since in the absence of a Sender-ID record the recipient will
fall back to the current behaviour.

With CSV the problem is slightly worse, because traditionally no checking
is done on the HELO domain. To prevent a spammer from making up names in
your zone, you must publish a wildcard -all record to ensure that the
recipient knows that you are aware of CSV and wish to ban the use of
nonexistent naes.

Tony.
-- 
f.a.n.finch  <dot@xxxxxxxx>  http://dotat.at/
BERWICK ON TWEED TO WHITBY: WEST OR SOUTHWEST 2 OR 3 INCREASING 3 OR 4. FAIR.
GOOD. SLIGHT OR SMOOTH.

Follow-Ups:
- Re: you must fill your zones with TXT records
  - From: Meng Weng Wong

Prev by Date: When SPF is incompatible with Sender-ID
Next by Date: Re: change of version string
Previous by thread: When SPF is incompatible with Sender-ID
Next by thread: Re: you must fill your zones with TXT records
Index(es):
- Date
- Thread