From: vjs@calcite.rhyolite.com   
      
   In article ,   
   Barry Margolin wrote:   
      
   >> >Sometimes companies put useless A records on their domain name as an   
   >> >anti-spam measure. I think there are some spambots that send to the A   
   >> >record rather than the MX record, so putting 0.0.0.0 or 127.0.0.1 in the   
   >> >A record will prevent them from sending to you.   
   >>   
   >> It will also trigger spam defenses in many SMTP servers (mail   
   >> receivers) to refuse mail from domain names that resolve to bogus   
   >> IP addresses. Domains that can't receive a bounce (NDR) shouldn't   
   >> be sending any mail. (Never mind that bounces must be avoided today   
   >> to minimize spam backscatter.)   
   >   
   >But if the name has an MX record then it CAN receive a bounce. The   
   >bogus A record is irrelevant, since MX records take precedence.   
      
   That's right; I was thinking of bogus A RRs when the MX does not exist.   
      
   On the other hand, an organization that thinks that a bogus A record   
   with a valid MX is a start on a FUSSP is unclear on fundamental concepts.   
      
   A modest fundamental concept is that not answering port 25 is as   
   effective as a bogus IP address but need not risk, as in this case,   
   losing profitable web page hits.   
      
   More important is that contrary to the regularly shouted delusions of   
   grandeur of some spammer fighters, spammers have in general always   
   understood more about email, TCP/IP, and the Internet in general than   
   too many SMTP server operators and most loud spammer fighters.   
   (for values of "always" starting at least with Spamford Wallace.)   
      
   If a spammer understands enough about MX and A RRs to reverse their   
   normal order and try the A RR first in hope of bypassing defenses, then   
   it also understands enough to fall back to the MX RRs in reverse   
   precedence order. You must also assume it understands enough to not   
   waste time or bandwidth trying bogus addresses, including not only   
   0.0.0.0 and 127/8, but also RFC 1918, 192.0.2.0/24, etc. or it will   
   tell its botnet to try simultaneously all addresses found via all CNAME,   
   A, and MX RRs, bogus or not, and maybe also whatever looks promising   
   in SOAs and NSs.   
      
      
   Vernon Schryver vjs@rhyolite.com   
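
The receiver-side check discussed in the thread above, as an added example that is not part of the original message: a sender domain can receive a bounce if its MX hosts, or its A record only when no MX exists, resolve to at least one address outside the bogus ranges the post lists. The zone data, domain names and function names are constructed for illustration, and 198.51.100.0/24 stands in for a routable address.

```python
import ipaddress

# Ranges the post names as bogus for a mail target.
BOGUS_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/32",                                      # unspecified address
    "127.0.0.0/8",                                     # loopback
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "192.0.2.0/24",                                    # documentation range
)]

# Constructed sample records; a real check would query DNS instead.
ZONE = {
    "bogus-a-with-mx.example": {"A": ["127.0.0.1"],
                                "MX": [(10, "mx.bogus-a-with-mx.example")]},
    "mx.bogus-a-with-mx.example": {"A": ["198.51.100.25"]},
    "bogus-a-no-mx.example": {"A": ["0.0.0.0"]},
    "bogus-mx.example": {"A": ["198.51.100.80"],
                         "MX": [(5, "mx.bogus-mx.example")]},
    "mx.bogus-mx.example": {"A": ["192.168.1.5"]},
    "plain.example": {"A": ["198.51.100.80"]},
}

def is_bogus(addr):
    """True if addr falls in one of the ranges listed above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BOGUS_NETS)

def bounce_targets(domain, zone=ZONE):
    """Addresses a bounce to `domain` would go to: the MX hosts in
    preference order, or the domain's own A record only if no MX exists."""
    rrs = zone.get(domain, {})
    mx = sorted(rrs.get("MX", []))          # (preference, host) pairs
    if mx:
        return [a for _, host in mx for a in zone.get(host, {}).get("A", [])]
    return list(rrs.get("A", []))

def can_receive_bounce(domain, zone=ZONE):
    """True if at least one delivery target is not a bogus address."""
    return any(not is_bogus(a) for a in bounce_targets(domain, zone))

if __name__ == "__main__":
    for name in ("bogus-a-with-mx.example", "bogus-a-no-mx.example",
                 "bogus-mx.example", "plain.example"):
        print(name, bounce_targets(name), can_receive_bounce(name))
```
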
      