nanog mailing list archives

Re: What would you do about questionable domain pointing A record to your IP address?

From: Jack Bates <jbates () paradoxnetworks net>
Date: Fri, 20 Feb 2015 11:53:52 -0600

On 2/20/2015 11:08 AM, Anne P. Mitchell, Esq. wrote:

a) just not worry about it and keep an eye on it

If they have held the netblock for awhile and are already using the IPAddress in question, this is fine. I presume that the servers don'tactually respond for that domain (name-based web or domain basedacceptance on a mail server).

b) publish a really tight spf record on it, so if they are somehow compromised, email appearing to come from 
example.com and 127.0.0.1 should be denied

You must control a domain to control its SPF. This is not an option ifthey don't control the bad domain. DKIM or similar might be the moreappropriate protocol? SPF protects domains, some of the other protocolsprotect the mail servers themselves.

c) not use the IP address at all (it's part of a substantially larger block)

If it's a recently acquired netblock, then it may have a bad reputationdue to prior use. Investigating the reputation and possibly avoidingthat particular IP Address might be warranted.


Jack

Current thread:

What would you do about questionable domain pointing A record to your IP address? Anne P. Mitchell, Esq. (Feb 20)
- Re: What would you do about questionable domain pointing A record to your IP address? Donald Eastlake (Feb 20)
- Re: What would you do about questionable domain pointing A record to your IP address? Jack Bates (Feb 20)
- Re: What would you do about questionable domain pointing A record to your IP address? William Herrin (Feb 20)
  - Re: What would you do about questionable domain pointing A record to your IP address? Anne P. Mitchell, Esq. (Feb 23)