nanog mailing list archives

Re: VeriSign SMTP reject server updated


From: Michael.Dillon () radianz com
Date: Mon, 22 Sep 2003 10:42:51 +0100


Wrong protocol.  There should be *NO* SMTP transactions for 
non-existent domains. 

After being bitten by this over the weekend I would have to agree. Due to
a screwup at netSOL, a company's domain I manage was resolving to their
sitefinder service, and all mail just went *poof*.

At any time, Verisign could remove your .COM domain from their DNS for
a short period of time, which would result in all of your inbound
email going to the Verisign collector servers. If this was only done
for a brief interval, say 10 minutes, you might never notice that it
had happened. But Verisign's industrial espionage department would have
your email in their hands and could do whatever they wish with it.
How profitable might that be?

Of course, the right way to do this would be to resend the email onward
so that you never notice any missing messages at all. In fact, if I 
were designing the system to do this, I wouldn't log anything at the
mailserver. I'd let the mail server and web server technical folks
have plausible deniability. Meanwhile, I would have diverted a copy of
the mailserver communications at the Ethernet switch to a secret server
that does the actual logging of addresses and messages.

Son of Carnivore?

--Michael Dillon



Current thread: