On Fri, Feb 20, 2015 at 12:08 PM, Anne P. Mitchell, Esq. <amitchell@isipp.com> wrote:
We have an email reputation accreditation applicant, who otherwise looks clean; however, there is a very strange and somewhat concerning domain being pointed to one of the applicant's IP addresses. Let's call the domain example.com, and the IP address 127.0.0.1, for these purposes.
Applicant is assigned 127.0.0.1; the rDNS correctly goes to their own domain.
However, example.com (which in reality is a concerning domain name) claims 127.0.0.1 as their A record.
Howdy,

How does 127.0.0.1 behave when you access it and declare yourself to be seeking example.com? If it's a mail server, what happens when you try to mail postmaster@examplecompany.com? Do you get a no-relaying message or one of the other errors appropriate to a server not configured to handle mail for example.com? If it's a web server, what happens when your browser asks for Host: www.example.com? Do you get example.com's web page?

Also check 3rd party databases to the extent possible. Can you find examples of dastardly example.com activity from 127.0.0.1 during a time the whois records say applicant had control of 127.0.0.1?

You get the general idea. Check for things you know to be under the applicant's control. If they come up clean, they're clean. If they're dirty and they're sloppy enough to not clean up the example.com DNS zone file then they'll be sloppy elsewhere too.

Regards,
Bill Herrin

--
William Herrin ................ herrin@dirtside.com bill@herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
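The two probes Bill describes (an SMTP RCPT TO for the suspect domain, and an HTTP request with the suspect Host: header compared against the host's default site) can be scripted and their answers classified so the verdict is reproducible. The script below is an added illustration for this thread, not code from either poster. The classification rules, the `applicant.invalid` placeholder for the applicant's own domain, and the sample server replies are all constructed for the example; the live `smtp_rcpt_probe` / `http_host_probe` functions use only the standard library and are there for a real check against an IP you are entitled to test.

```python
"""Classify how a host answers when asked for a domain it may not serve.

Added example for the accreditation check discussed in the thread; not
part of the original mail. Domains and sample replies are constructed.
"""
import http.client
import smtplib


def classify_rcpt_reply(code: int, text: str) -> str:
    """Interpret the SMTP reply to RCPT TO:<postmaster@suspect-domain>.

    A relay refusal is the answer expected from a server that is simply
    not configured for the domain; a 250 (or a 'user unknown' for a
    domain the server treats as local) means the host really does handle
    mail for it, which is the concerning case.
    """
    t = text.lower()
    if 200 <= code < 300:
        return "accepts-mail-for-domain"
    if 400 <= code < 500:
        return "temporary-failure"
    if code >= 500:
        if "relay" in t:
            return "relay-denied"
        if any(w in t for w in ("user", "mailbox", "recipient")):
            return "domain-local-unknown-user"
        return "rejected-other"
    return "unexpected"


def classify_host_probe(status: int, body: str, baseline_body: str, domain: str) -> str:
    """Compare the response for Host: <domain> with the host's default page.

    baseline_body is what the same IP returns when asked for the
    applicant's own hostname (or the bare IP).
    """
    if status >= 400:
        return "host-rejected"          # e.g. 421 Misdirected Request
    if body == baseline_body:
        return "default-site-only"      # no vhost exists for the domain
    if domain.lower() in body.lower():
        return "serves-domain-site"     # distinct content naming the domain
    return "distinct-site"


# --- live probes (not exercised offline) -------------------------------

def smtp_rcpt_probe(ip: str, domain: str, helo: str = "probe.invalid",
                    sender: str = "postmaster@probe.invalid", timeout: int = 10) -> str:
    """EHLO, MAIL FROM, RCPT TO, then QUIT; never sends DATA."""
    with smtplib.SMTP(ip, 25, timeout=timeout) as s:
        s.ehlo(helo)
        s.mail(sender)
        code, msg = s.rcpt(f"postmaster@{domain}")
    return classify_rcpt_reply(code, msg.decode(errors="replace"))


def http_host_probe(ip: str, host_header: str, path: str = "/", timeout: int = 10):
    """GET path from ip with an explicit Host: header; returns (status, body)."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host_header})
        resp = conn.getresponse()
        return resp.status, resp.read().decode(errors="replace")
    finally:
        conn.close()


def check_host(ip: str, applicant_domain: str, suspect_domain: str) -> dict:
    """Run both probes and return the verdicts keyed by check name."""
    base_status, base_body = http_host_probe(ip, applicant_domain)
    probe_status, probe_body = http_host_probe(ip, "www." + suspect_domain)
    return {
        "smtp": smtp_rcpt_probe(ip, suspect_domain),
        "http": classify_host_probe(probe_status, probe_body, base_body, suspect_domain),
        "http-baseline-status": base_status,
    }


if __name__ == "__main__":
    # Constructed replies, shown as a dry run; a real check would call
    # check_host("<applicant IP>", "applicant.invalid", "example.com").
    print(classify_rcpt_reply(554, "5.7.1 <postmaster@example.com>: Relay access denied"))
    print(classify_host_probe(200, "<html>Welcome to applicant.invalid</html>",
                              "<html>Welcome to applicant.invalid</html>", "example.com"))
```

Read "relay-denied" together with "default-site-only" as the clean outcome: the IP holds the A record only because example.com's zone points at it, not because the applicant serves that domain. "accepts-mail-for-domain" or "serves-domain-site" is the case to escalate to the third-party database and whois-history checks Bill mentions.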