[Dshield] DNS MX record block question

Lauro, John jlauro at umflint.edu
Fri Sep 5 22:59:07 GMT 2003


Lots of places don't have MX records.  You only need an MX record if
the mail host is different then the A record, or if you want to
specify secondary hosts if your primary is down.

> -----Original Message-----
> From: Richard Roy [mailto:RoyR at justicetrax.com]
> Sent: Friday, September 05, 2003 6:39 PM
> To: list at dshield.org
> Subject: [Dshield] DNS MX record block question
> 
> A coworker of mine was debating the point of blocking mail from
domains
> where there is not a valid MX record .  His point was that he any
mail
> client could send mail, in fact he would write one rather quickly in
vb
> or something, and that, by default one should not reject connections
> that do not resolve to an MX record.  I said that one should
absolutely
> block when the domain does not have a valid MX record because if you
are
> not a valid mail server, then why are you sending me mail?  I'll
assume
> you are a virus with a mailer engine on someone's pc.  Is that a
fair
> assumption or paranoid assumption?
> I told him I'd like him to try it ( I only have one machine allowed
> in/out on port 25 on his network).  I'm curious do most folks drop
mail
> where there is no valid MX record?  Anyone have a reference (white
paper
> or rfc or something) that would explain why or why/not?
> Sorry if it is OT please respond off list if it is.
> 
> Thanks
> 
> Rich
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list