Folks,

The big guys have spoken, and they are not amused:
http://www.iab.org/documents/docs/2003-09-20-dns-wildcards.html

...

Spam Filters
Installing these wildcard records broke several simple spam filters commonly
used to front end inbound mail servers, as well as more complex filtering
that checks for the existence of a sending domain in order to screen out
obviously bogus senders. This technique for spam has diminished as this
filtering mechanism has increased, but one sample operator reports that it
still equals about 10% of inbound mail attempts on their large shared MX
cluster. ISPs who are aware of this problem will probably extend their
filtering rules to have special knowledge of the address returned by these
wildcard records, but will have to carry the cost of doing so, both in terms
of code maintenance and increased execution time for their filtering.

...

Proposed guideline: If you want to use wildcards in your zone and
understand the risks, go ahead, but only do so with the informed consent of
the entities that are delegated within your zone.

Generally, we do not recommend the use of wildcards for record types that
affect more than one application protocol. At the present time, the only
record types that do not affect more than one application protocol are MX
records.

For zones which do delegations, we do not recommend even wildcard MX
records. If they are used, the owners of zones delegated from that zone must
be made aware of that policy and must be given assistance to ensure
appropriate behavior for MX names within the delegated zone. In other words,
the parent zone operator must not reroute mail destined for the child zone
without the child zone's permission.

We hesitate to recommend a flat prohibition against wildcards in
"registry"-class zones, but strongly suggest that the burden of proof in
such cases should be on the registry to demonstrate that their intended use
of wildcards will not pose a threat to stable operation of the DNS or
predictable behavior for applications and users.

We recommend that any and all TLDs which use wildcards in a manner
inconsistent with this guideline remove such wildcards at the earliest
opportunity.

--
Sanjeev


_______________________________________________
ilugd mailing list
[EMAIL PROTECTED]
http://frodo.hserus.net/mailman/listinfo/ilugd

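The filter adjustment described in the quoted "Spam Filters" paragraph, as an added example that is not part of the original message or the IAB document: a sender-domain existence check that learns which address a TLD wildcard returns and treats that answer as "does not exist". The resolver is a constructed stub, the addresses are documentation placeholders, all function names are hypothetical, and only address lookups are modelled (a real filter would check MX first).

```python
import secrets

# Constructed data standing in for real DNS answers (RFC 5737 addresses).
WILDCARD_ADDR = "192.0.2.11"   # placeholder for the registry's wildcard target
REAL_HOSTS = {"example.com": {"198.51.100.25"}}

def stub_resolve(name):
    """Fake resolver: registered names answer normally, any other .com name
    hits the registry wildcard, other TLDs return no data (NXDOMAIN)."""
    name = name.lower().rstrip(".")
    if name in REAL_HOSTS:
        return set(REAL_HOSTS[name])
    if name.endswith(".com"):
        return {WILDCARD_ADDR}
    return set()

def wildcard_addresses(tld, resolve, probes=3):
    """Query random labels nobody has registered. Addresses present in every
    answer are the ones synthesized by a wildcard in the TLD zone."""
    answers = [resolve(f"{secrets.token_hex(16)}.{tld}") for _ in range(probes)]
    return set.intersection(*answers)

def naive_sender_exists(domain, resolve):
    """The simple filter from the text: any answer means the domain exists."""
    return bool(resolve(domain))

def sender_exists(domain, resolve, wildcard_cache):
    """Same check, but answers consisting only of the TLD's wildcard
    addresses are treated as non-existent."""
    domain = domain.lower().rstrip(".")
    tld = domain.rsplit(".", 1)[-1]
    if tld not in wildcard_cache:
        # One extra round of probes per TLD: the added cost the text mentions.
        wildcard_cache[tld] = wildcard_addresses(tld, resolve)
    return bool(resolve(domain) - wildcard_cache[tld])

if __name__ == "__main__":
    cache = {}
    for sender in ("example.com", "no-such-sender-zz.com", "bogus.org"):
        print(sender,
              "naive:", naive_sender_exists(sender, stub_resolve),
              "wildcard-aware:", sender_exists(sender, stub_resolve, cache))
```

A legitimate domain whose only address equals the wildcard target would also be rejected by this check, and the cached wildcard set has to be refreshed when the registry changes or removes the record.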