Hello,
Thank you for the quick reply. I am not as much a domain-expert as you are, and so, I am going to try to ask some questions that hopefully you will be able to answer.
>> My problem: We are working with domain name registrars. When a user
>> registers his domain with one of our partners, that partner will create an
>> MX record for that new domain, and that MX record will point to our email
>> server. [without notifying you]
>
>So the rule would be "accept and deliver all mail for domains with an MX
>pointing to me".
>That's insane and fscking insecure.
>Why can't they send you an automated notifcation which you handle by a
>mailrobot or somesuch which adds the domain to rcpthosts and locals?
Given that we have a large hosting infrastructure, and an expensive service, we will not be getting very many domains pointed to us in this way. And as we get more, we will have to scale. But the idea is exactly that we *do* deliver for all these domains. We have partners who host small businesses, and want to use our platform to provide web and email service to them, on sort of an ASP model.
So my first question is: why is it insane? I am not sure whether you are pointing to scalability problems, or to some other difficulty with the suggestion.
My second question is: why is it insecure? Are you imagining that mistaken/spoofed/hacked MX records could be used as a DOA attack against our mail servers? I am just not sure what problem you are imagining with security.
If you could help me understand these issues, then I would be better able to evaluate whether it was necessary to go with a mail-robots suggestion, which I do understand.
Thanks,
-Ed Abrams
[EMAIL PROTECTED]
