North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
RE: What *are* they smoking?
-----BEGIN PGP SIGNED MESSAGE----- Matthew S. Hallacy wrote: > On Tue, Sep 16, 2003 at 01:18:26AM +0200, Jeroen Massar wrote: > > > > Even worse of this is that you can't verify domain names under .net > > any more for 'existence' as every .net domain suddenly has > a A record > > and then can be used for spamming... > > > > From: Spammer > <firstname.lastname@example.org> > > To: You <email@example.com> > > > > Thank you Verisign! Now we need to check for existence of an MX > > and then just break a couple of RFC's in the process :( > > Checking for NS or SOA record(s) is sufficient, neither are > being returned, > only A records. > > Of course, you could just block anything that resolves to netsol. example.com. NS ns1.example.com A 10.100.13.42 blaat A 10.100.13.42 It's completely legal, per RFC, to mail firstname.lastname@example.org as it is a host, but blaat.example.com doesn't need an NS record. Having an extra lookup checking with a NS if the first level domain exists is an option though. But the best option is just to let dns servers return NXDOMAIN and let people use google or let them *type* correctly. Or is Verisign suddenly also all knowledgable about which url's are going to be valid? "oops the user is going to make a typo, lets point everything on our box and let that log and figure out what the dumb user really meaning"... go figure.. Btw it doesn't do IPv6 which is bad and doesn't scale into the future :) And no HTTP SSL support either. No POP3/IMAP support telling people they typed in the wrong hostname for their mailserver etc... Any kiddie group already planning to "take down" the advert server ? It's just 1 IP to take out a *lot* of domains, anything you can mistype ;) "Look mommy we took down <think up something>.net, now you see it now you..." I also wonder what privacy implications this has, stupid example: http://www.thawhaithouse.net/login/?user=president&password=cannedremember There goes your privacy act (if you still thought there was any :) Greets, Jeroen -----BEGIN PGP SIGNATURE----- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / email@example.com / http://unfix.org/~jeroen/ iQA/AwUBP2ZVuCmqKFIzPnwjEQKQggCcDGgy0kXNIA89kvL9EiFPosVNy+QAn3G9 hepKhdO0XS6nTtgrYGg/jAna =9VhA -----END PGP SIGNATURE-----