nanog mailing list archives

Re: What *are* they smoking?


From: Chris Adams <cmadams () hiwaay net>
Date: Mon, 15 Sep 2003 18:54:00 -0500


Once upon a time, Christopher X. Candreva <chris () westnet com> said:
This also blows away the whole idea of rejecting mail from non-existent
domains -- never mind all the bounces to these non-existent domains when the
spammers get ahold of them. Boy, I hope they have a good mail server
responding with the 550 on that IP!

At the least we need a way for MTAs to reject mail from domains that
resolve to this nonsense. Having bind put NXDOMAIN back would be a plus.

I see a few ways to distinguish the responses at the moment (without
hard-coding the IP address or reverse DNS for that IP):

- the TTL on the bogusdomain.net responses is 15M instead of 2D

- on bogusdomain.net responses, the ADDITIONAL and AUTHORITY records all
  point to gtld-servers.net servers, while normal requests get records
  pointing somewhere else

- there are no NS records for bogusdomain.net

None of these help MTAs today.

For sendmail, you could do something with the dns map to look for NS
records for something.net when you get @blah.something.net.  However, it
means one more DNS lookup for everything ending in .com or .net.

-- 
Chris Adams <cmadams () hiwaay net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
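
The checks listed in the message above, sketched as an added example that is not part of the original post and is not sendmail configuration. The `Response` type, the function names and the `example.net` zone data are assumptions constructed for illustration; the NS lookup is injected so the code runs without network access.

```python
# Added example: constructed data and hypothetical names; no network access.
from dataclasses import dataclass, field

CHECKED_TLDS = ("com", "net")  # TLDs the message says would need the extra lookup
WILDCARD_TTL = 15 * 60         # "15M" from the message, in seconds

@dataclass
class Response:
    """Minimal stand-in for a parsed DNS answer (not a real resolver type)."""
    ttl: int                                        # TTL as sent by the authoritative server
    authority: list = field(default_factory=list)   # server names, AUTHORITY section
    additional: list = field(default_factory=list)  # server names, ADDITIONAL section

def registered_domain(domain):
    """blah.something.net -> something.net; None if fewer than two labels."""
    labels = [l for l in domain.lower().rstrip(".").split(".") if l]
    return ".".join(labels[-2:]) if len(labels) >= 2 else None

def sender_domain_exists(address, ns_lookup):
    """NS-record check; ns_lookup(domain) -> list of NS names (injected)."""
    domain = address.rsplit("@", 1)[-1]
    parent = registered_domain(domain)
    if parent is None:
        return False
    if parent.rsplit(".", 1)[-1] not in CHECKED_TLDS:
        return True  # other TLDs: leave to the MTA's normal NXDOMAIN handling
    return bool(ns_lookup(parent))  # the one extra DNS lookup per .com/.net sender

def wildcard_signals(resp):
    """Names of the response-level signals from the message that resp matches."""
    signals = []
    if resp.ttl == WILDCARD_TTL:
        signals.append("ttl-15m")
    servers = resp.authority + resp.additional
    if servers and all(s.lower().rstrip(".").endswith(".gtld-servers.net") for s in servers):
        signals.append("gtld-servers-only")
    return signals

# Constructed zone data standing in for real NS lookups.
SAMPLE_NS = {"example.net": ["ns1.example.net", "ns2.example.net"]}

def sample_ns_lookup(domain):
    return SAMPLE_NS.get(domain, [])

if __name__ == "__main__":
    for addr in ("user@mail.example.net", "spam@blah.bogusdomain.net"):
        print(addr, sender_domain_exists(addr, sample_ns_lookup))
```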

