> On Fri, Mar 28, 2008 at 11:34:58AM +1100, Mark Andrews wrote:
> >
> > > On Fri, Mar 28, 2008 at 11:16:36AM +1100, Mark Andrews wrote:
> > > >
> > > > > ah...
> > > > > Q: how to mark a domain that does not wish to receive email?
> > > > > A: don't run SMTP.
> > > >
> > > > Which is a temporary error to SMTP.
> > >
> > > yup. so what?
> > > you want the DNS to act as a trusted third party?
> > > sounds like an attack vector to me.
> >
> > So does turning off the smtp service and sending lots of
> > email to that email domain. Look at what happens when
> > google, hotmail etc. temp fail all email to them because
> > of some spam that came from a host without actively attempting
> > to fill up the mail spools.
> >
> > Mark
>
> turning off smtp service to a domain == NOT an email domain.
> forcing SMTP to require DNS lookups indicates that anyone
> who can hijack the DNS data can redirect your DNS lookups
> to someplace that does SMTP w/o your permission and can
> do all sorts of nastiness.
>
> do you want one attack vector or two?

What's the difference between "MX 0 ." and "MX 0 badhost"?
I don't believe codifying "MX 0 ." changes the threat level.

Mark

> --bill
>
> Opinions expressed may not even be mine by the time you read them, and
> certainly don't reflect those of any other entity (legal or otherwise).
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]