To: dnsop@cafax.se
From: Markus Stumpf <maex-lists-dns-ietf-dnsop@Space.Net>
Date: Fri, 22 Feb 2002 23:11:09 +0100
Content-Disposition: inline
In-Reply-To: <Pine.SOL.4.33.0202210933410.9569-100000@virgo.cus.cam.ac.uk>; from ph10@cus.cam.ac.uk on Thu, Feb 21, 2002 at 09:40:22AM +0000
Sender: owner-dnsop@cafax.se
User-Agent: Mutt/1.2.5i
Subject: draft-ietf-dnsop-dontpublish-unreachable-03.txt (was: Re: Minneapolis - agenda items please.)

Sorry to jump in the discussion at a late point. I'm rather new to this list.

On Thu, Feb 21, 2002 at 09:40:22AM +0000, Philip Hazel wrote:
> Proposal is to reword the final paragraph to read as follows:
>
>    If such a facility is required, it SHOULD instead be done by
>    arranging for the hosts listed in a domain's MX records to return
>    a 554 error response, either on initial connection, or following a
>    RCPT command for an address in a domain for which there is no
>    service.

Care should be taken IMHO to keep the wording RFC 2821 (SMTP) compliant.
RFC 2821 Section 3.1 Session Initiation already specifies a procedure
just for that case (3rd paragraph):

    The SMTP protocol allows a server to formally reject a transaction
    while still allowing the initial connection as follows:
    [ ...]

Maybe a referral to the above mentioned Section would be a good idea?

Also:

    loopback addresses have been seen in the DNS. This seems to be a
    misguided attempt to specify "no SMTP service for this domain" more
    positively than just refusing connections to the SMTP port.

<SIDENOTE>
From my experience it's more likely that spammers don't have a valid
IP address to point the MX of their domain to. But they need an IP to
pass anti-spam checks, so they use 127.0.0.1 and have the advantage
not to get the bounces back.
Btw. I have also seen the use of 0.0.0.0 instead of 127.0.0.1. The impact
of 0.0.0.0 on some SMTP daemons is rather terrible.
</SIDENOTE>

IMHO it would be a good idea to explicitly ban the use of "0.0.0.0"
(haven't found it mentioned in the draft at all) and it probably should
be a MUST NOT.

	\Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"
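
An added example, not part of the original message or of the draft: a receiving-side audit that flags MX targets whose addresses are 127.0.0.1, 0.0.0.0 or their IPv6 equivalents, the cases the message discusses. The function names, the verdict labels and the sample records (built from documentation-reserved names and addresses) are assumptions made for illustration; DNS resolution is assumed to have happened already.

```python
import ipaddress

def classify(addr):
    """Return 'unspecified', 'loopback' or 'ok' for one A/AAAA value."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on junk
    # Judge IPv4-mapped IPv6 (::ffff:127.0.0.1) by the embedded IPv4
    # address; older Python versions do not do this on their own.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    if ip.is_unspecified:            # 0.0.0.0 and ::
        return "unspecified"
    if ip.is_loopback:               # 127.0.0.0/8 and ::1
        return "loopback"
    return "ok"

def audit_mx(mx_hosts):
    """mx_hosts maps each MX target name to its resolved addresses.

    Returns (deliverable, findings): deliverable is True when at least
    one address is usable; findings lists (host, address, verdict) for
    every address that is not.
    """
    deliverable, findings = False, []
    for host, addrs in mx_hosts.items():
        for addr in addrs:
            try:
                verdict = classify(addr)
            except ValueError:
                verdict = "malformed"
            if verdict == "ok":
                deliverable = True
            else:
                findings.append((host, addr, verdict))
    return deliverable, findings

# Constructed sample data (hypothetical domains, RFC 5737 test address).
SAMPLE = {
    "bulk.example": {"mx1.bulk.example": ["127.0.0.1"],
                     "mx2.bulk.example": ["0.0.0.0"]},
    "mixed.example": {"mail.mixed.example": ["192.0.2.25",
                                             "::ffff:127.0.0.1"]},
}

if __name__ == "__main__":
    for domain, mx in SAMPLE.items():
        print(domain, audit_mx(mx))
```

A domain for which `deliverable` is False can never receive a bounce, which is the situation the side note describes.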