Once upon a time, Christopher X. Candreva <chris@westnet.com> said:
This also blows away the whole idea of rejecting mail from non-existent domains -- never mind all the bounces to these non-existent domains when the spammers get ahold of them. Boy, I hope they have a good mail server responding with the 550 on that IP!
At the least we need a way for MTAs to reject mail from domains that resolve to this nonsense. Having bind put NXDOMAIN back would be a plus.
I see a few ways to distinguish the responses at the moment (without hard-coding the IP address or reverse DNS for that IP):
- the TTL on the bogusdomain.net responses is 15M instead of 2D
- on bogusdomain.net responses, the ADDITIONAL and AUTHORITY records all point to gtld-servers.net servers, while normal requests get records pointing somewhere else
- there are no NS records for bogusdomain.net

None of these help MTAs today. For sendmail, you could do something with the dns map to look for NS records for something.net when you get @blah.something.net. However, it means one more DNS lookup for everything ending in .com or .net.
-- 
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
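The three distinguishing features listed in the post, turned into an MTA-side sender-domain check, as an added example that is not the poster's code. The DnsAnswer model, the decision rule (reject on missing NS records, or on short TTL together with gtld-servers.net authority) and the sample answers in 192.0.2.0/24 are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class DnsAnswer:
    """Constructed model of the parts of a DNS reply the post's heuristics examine."""
    qname: str
    a_records: List[str]       # A records returned for the name
    ttl: Optional[int]         # TTL (seconds) on those A records
    authority_ns: List[str]    # NS names seen in the AUTHORITY/ADDITIONAL sections
    ns_records: List[str]      # NS records returned when asking for the domain's own NS


WILDCARD_TTL = 15 * 60             # the "15M" TTL seen on bogusdomain.net responses
GTLD_SUFFIX = ".gtld-servers.net"  # where the authority records point for wildcard hits


def synthesized_reasons(ans: DnsAnswer) -> List[str]:
    """Return the heuristics that fire; an empty list means the answer looks normal."""
    reasons: List[str] = []
    if not ans.a_records:
        return reasons                      # a real NXDOMAIN: nothing to check
    if ans.ttl is not None and ans.ttl <= WILDCARD_TTL:
        reasons.append("ttl<=15m")
    if ans.authority_ns and all(ns.lower().rstrip(".").endswith(GTLD_SUFFIX)
                                for ns in ans.authority_ns):
        reasons.append("authority=gtld-servers")
    if not ans.ns_records:
        reasons.append("no-ns")
    return reasons


def sender_domain_acceptable(domain: str, lookup: Callable[[str], DnsAnswer]) -> bool:
    """Accept only domains with A records that do not look synthesized.
    A short TTL alone is common on real domains, so it rejects only together
    with gtld-servers.net authority; missing NS records reject on their own."""
    ans = lookup(domain)
    if not ans.a_records:
        return False
    r = synthesized_reasons(ans)
    return not ("no-ns" in r or ("ttl<=15m" in r and "authority=gtld-servers" in r))


# Constructed sample answers standing in for live lookups (192.0.2.0/24 is documentation space).
SAMPLE: Dict[str, DnsAnswer] = {
    "example.net": DnsAnswer("example.net", ["192.0.2.10"], 2 * 24 * 3600,
                             ["ns1.example.net", "ns2.example.net"],
                             ["ns1.example.net", "ns2.example.net"]),
    "bogusdomain.net": DnsAnswer("bogusdomain.net", ["192.0.2.99"], WILDCARD_TTL,
                                 ["a.gtld-servers.net.", "b.gtld-servers.net."], []),
    "truly-nxdomain.net": DnsAnswer("truly-nxdomain.net", [], None, [], []),
}


def sample_lookup(domain: str) -> DnsAnswer:
    return SAMPLE.get(domain.lower(), DnsAnswer(domain, [], None, [], []))
```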