nanog mailing list archives
Re: What would you do about questionable domain pointing A record to your IP address?
From: Jack Bates <jbates () paradoxnetworks net>
Date: Fri, 20 Feb 2015 11:53:52 -0600
On 2/20/2015 11:08 AM, Anne P. Mitchell, Esq. wrote:
If they have held the netblock for awhile and are already using the IP Address in question, this is fine. I presume that the servers don't actually respond for that domain (name-based web or domain based acceptance on a mail server).a) just not worry about it and keep an eye on it
You must control a domain to control its SPF. This is not an option if they don't control the bad domain. DKIM or similar might be the more appropriate protocol? SPF protects domains, some of the other protocols protect the mail servers themselves.b) publish a really tight spf record on it, so if they are somehow compromised, email appearing to come from example.com and 127.0.0.1 should be denied
If it's a recently acquired netblock, then it may have a bad reputation due to prior use. Investigating the reputation and possibly avoiding that particular IP Address might be warranted.c) not use the IP address at all (it's part of a substantially larger block)
Jack
Current thread:
- What would you do about questionable domain pointing A record to your IP address? Anne P. Mitchell, Esq. (Feb 20)
- Re: What would you do about questionable domain pointing A record to your IP address? Donald Eastlake (Feb 20)
- Re: What would you do about questionable domain pointing A record to your IP address? Jack Bates (Feb 20)
- Re: What would you do about questionable domain pointing A record to your IP address? William Herrin (Feb 20)
- Re: What would you do about questionable domain pointing A record to your IP address? Anne P. Mitchell, Esq. (Feb 23)