On Mon, 9 Apr 2018 09:56:20 -0500 David Jones <djo...@ena.com> wrote:
> On 04/09/2018 09:44 AM, Reindl Harald wrote: > > you simply don't want connect to every innocent MX which inbound > > mail is forged because for the sake of god you are attacking the > > victim of spoofed mails and you are easily part of a distributed > > DOS when your few connections back are only a small part Also, if an innocent domain's MX server just happens to be down when you check, you could get a FP. Checking for the existence of a sane MX record is good practice. I'm not so sure about actually trying to connect to said MX, even if you take basic precautions to minimize connections. Regards, Dianne.