In article <16060f3af18.2772.9bc7627f4bf0daf95da66808f3dcb...@crankycanuck.ca> you write: >But if course, it isn't necessarily the domain admin who puts things in the >PSL, which has always been one of the problems with the PSL. It was why we >set up the dbound WG. Pity we couldn't get that to consensus.
I take your point, but in this case the entries come from the registry, which somehow has simultaneously insisted that all names be registered below SLDs, and provided A and MX for some SLDs. https://www.zadna.org.za/content/page/domain-information/ R's, John >> In article >> <cabugu1q+cslwtpbdjf70gjvn2y6svgp3ynevmh0vyruhht7...@mail.gmail.com> you >> write: >>>I've heard from one of my contacts that country-level TLDs like gov.za are >>>being used for attacks and that there is not a particularly effective way >>>to protect against that or to protect against non-existent subdomains being >>>abused. (It's even worse if those public suffix level domains are being >>>used to send mail, but if they aren't, how do you protect it?) >> >> I was about to say that surely nobody would be foolish enough to put a >> name in the PSL that has live MX records and used for mail. Silly me. >> >> The obvious response is that if they can publish A and MX and SPF >> records for gov.za, which they do, they can publish DMARC, too. It >> also suggests that putting gov.za in the PSL was not a very good idea. >> >> R's, >> John >> >> >> ================ >> >> freight.aero: 10 mx1.champ.aero. >> freight.aero: 10 mx3.champ.aero. >> freight.aero: 10 mx2.champ.aero. >> freight.aero: 10 mx4.champ.aero. ... >> ac.za: 10 protea.tenet.ac.za. >> agric.za: 10 gwsmtp1.agric.za. >> alt.za: 0 ln1.cequrux.com. >> co.za: 10 mx2.coza.net.za. >> gov.za: 100 mta.gov.za. >> grondar.za: 0 gromit.grondar.org. >> law.za: 20 luke.voffice.co.za. >> law.za: 30 mail.attorneys.law.za. >> law.za: 10 mailfirewall.voffice.co.za. >> mil.za: 10 fm-mail-in.voxtelecom.co.za. >> ngo.za: 10 mxc01.mxrc.co.za. >> ngo.za: 10 mxc02.mxrc.co.za. >> nis.za: 0 nis.za. >> nom.za: 20 secdns1.posix.co.za. >> nom.za: 10 mail.nom.za. >> org.za: 10 mx2.coza.net.za. >> school.za: 10 ochre.school.za. >> school.za: 20 mopani.school.za. >> tm.za: 20 alt1.aspmx.l.google.com. >> tm.za: 20 alt2.aspmx.l.google.com. >> tm.za: 30 aspmx2.googlemail.com. >> tm.za: 30 aspmx3.googlemail.com. >> tm.za: 30 aspmx4.googlemail.com. >> tm.za: 30 aspmx5.googlemail.com. >> tm.za: 10 aspmx.l.google.com. -- Regards, John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
