Hi, On Fri, Feb 20, 2015 at 12:08 PM, Anne P. Mitchell, Esq. <amitchell@isipp.com> wrote:
All,
We have a rather strange situation (well, strange to me, at least).
We have an email reputation accreditation applicant, who otherwise looks clean, however there is a very strange and somewhat concerning domain being pointed to one of the applicant's IP addresses Let's call the domain example.com, and the IP address 127.0.0.1, for these purposes.
Applicant is assigned 127.0.0.1. the rDNS correctly goes to their own domain.
However, example.com (which in reality is a concerning domain name) claims 127.0.0.1 as their A record.
I don't think having an A record in the DNS is really a "claim". Let's say I want to send mail to company.example.com but I don't like them so much so I set up companySUCKS.foo.example.com pointing at their mail server either through an A record or a CNAME... Then, I believe, inside my mail, the mail could appear to be to person@companySUCKS.foo.example.com if it wasn't blocked by some security mechanism. Perhaps this is protected speech or, with a few changes, a parody or something. See Section 4.1.3 "You Can't Control What Names Point At You" in my RFC http://tools.ietf.org/html/rfc3675 A somewhat similar thing is in Section 4.1.4.1 of that RFC where I was on social mailing list with an innocuous name and someone had long set up a forwarder so that if you sent email to cat-torturers@other.example (real left hand side, obviously not the real right hand side). It would get sent to the social mailing list and the that address would appear in the "to:" line inside the mail. For that particular crowd, most people thought this was pretty funny, but it is the same sort of thing.
Of course, example.com is registered privately, and their DNS provider is one who is...umm... "known to provide dns for domains seen in spam."
As I see it, the applicant's options are:
a) just not worry about it and keep an eye on it
b) publish a really tight spf record on it, so if they are somehow compromised, email appearing to come from example.com and 127.0.0.1 should be denied
c) not use the IP address at all (it's part of a substantially larger block)
d) two or more of the above.
Thoughts? What would you do?
If it isn't actually causing a problem, a) seems viable but you could certainly do b) or c) or both if you feel like it. Anyway, I'm not a lawyer... :-) Donald ============================= Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3@gmail.com
Thanks!
Anne
Anne P. Mitchell, Esq. CEO/President ISIPP SuretyMail Email Reputation, Accreditation & Certification Your mail system + SuretyMail accreditation = delivered to their inbox! http://www.SuretyMail.com/ http://www.SuretyMail.eu/
Author: Section 6 of the Federal CAN-SPAM Act of 2003 Member, California Bar Cyberspace Law Committee Ret. Professor of Law, Lincoln Law School of San Jose 303-731-2121 | amitchell@isipp.com | @AnnePMitchell | Facebook/AnnePMitchell