Mailing List SIMS@mail.stalker.com Message #13647
From: chris <cb@mythtech.net>
Subject: Re: Verisign's new wildcard records and "Verify Return Paths"
Date: Tue, 16 Sep 2003 14:26:39 -0400
To: SIMS Discussions <SIMS@mail.stalker.com>
X-Mailer: Claris Emailer 2.0v3, January 22, 1998
>My wife just asked me if this was going to kill backup MX servers, because
>all .com and .net domains will resolve.  While this won't be a problem for
>us, since we're a .org, I couldn't answer one way or the other.
>
>So, if a MX points a domain that resolves, but (hopefully!) doesn't respond
>to SMTP queries, do MTAs correctly fall back to the next higher MX record?

I don't think it will have any effect on MX. Actually, from what I
understood of the article I read, it won't have any effect on any
registered domain for any service, regardless of if a server is up or
down.

It looks like all they are doing is, any domain name that is not
currently registered, they will return an IP despite the fact that there
is no DNS record for it.

Basically that means ALL POSSIBLE .com and .net domains are now
"registered" as far as DNS is concerned, as all possible .com and .net
domains will now resolve to a web server, even unregistered ones. So if
you go to a web browser, and type random characters and end it with .com,
it will load the VeriSign search page instead of a "no such domain" error
page.

Why this effects mail servers is because of the verify return paths
option. A lot of spammers use fake domain names that don't resolve to
anything. SIMS can check to see if their domain name has a valid DNS
entry, and if not, reject the email. Only now, thanks to VeriSign, ALL
domains, regardless of if they are real, will return a valid DNS entry.
So they have basically just rendered SIMS' "verify return paths" spam
filter useless.

-chris
<http://www.mythtech.net>

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster