Re: What would you do about questionable domain pointing A record to your IP address?

[Donald Eastlake <d3e3e3 () gmail com>]

Hi,

On Fri, Feb 20, 2015 at 12:08 PM, Anne P. Mitchell, Esq.
<amitchell () isipp com> wrote:
> All,
>
> We have a rather strange situation (well, strange to me, at least).
>
> We have an email reputation accreditation applicant, who otherwise looks clean, however there is a very strange and 
> somewhat concerning domain being pointed to one of the applicant's IP addresses  Let's call the domain example.com, 
> and the IP address 127.0.0.1, for these purposes.
>
> Applicant is assigned 127.0.0.1.  the rDNS correctly goes to their own domain.
>
> However, example.com (which in reality is a concerning domain name) claims 127.0.0.1 as their A record.

I don't think having an A record in the DNS is really a "claim". Let's
say I want to send mail to company.example.com but I don't like them
so much so I set up companySUCKS.foo.example.com pointing at their
mail server either through an A record or a CNAME... Then, I believe,
inside my mail, the mail could appear to be to
person () companySUCKS foo example com if it wasn't blocked by some
security mechanism. Perhaps this is protected speech or, with a few
changes, a parody or something.

See Section 4.1.3 "You Can't Control What Names Point At You" in my
RFC http://tools.ietf.org/html/rfc3675

A somewhat similar thing is in Section 4.1.4.1 of that RFC where I was
on social mailing list with an innocuous name and someone had long set
up a forwarder so that if you sent email to
cat-torturers@other.example (real left hand side, obviously not the
real right hand side). It would get sent to the social mailing list
and the that address would appear in the "to:" line inside the mail.
For that particular crowd, most people thought this was pretty funny,
but it is the same sort of thing.

> Of course, example.com is registered privately, and their DNS provider is one who is...umm... "known to provide dns 
> for domains seen in spam."
>
> As I see it, the applicant's options are:
>
> a) just not worry about it and keep an eye on it
>
> b) publish a really tight spf record on it, so if they are somehow compromised, email appearing to come from 
> example.com and 127.0.0.1 should be denied
>
> c) not use the IP address at all (it's part of a substantially larger block)
>
> d) two or more of the above.
>
> Thoughts?  What would you do?

If it isn't actually causing a problem, a) seems viable but you could
certainly do b) or c) or both if you feel like it.

Anyway, I'm not a lawyer... :-)

Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3 () gmail com

> Thanks!
>
> Anne
>
> Anne P. Mitchell, Esq.
> CEO/President
> ISIPP SuretyMail Email Reputation, Accreditation & Certification
> Your mail system + SuretyMail accreditation = delivered to their inbox!
> http://www.SuretyMail.com/
> http://www.SuretyMail.eu/
>
> Author: Section 6 of the Federal CAN-SPAM Act of 2003
> Member, California Bar Cyberspace Law Committee
> Ret. Professor of Law, Lincoln Law School of San Jose
> 303-731-2121 | amitchell () isipp com | @AnnePMitchell | Facebook/AnnePMitchell