[Dshield] DNS MX record block question
jlauro at umflint.edu
Fri Sep 5 22:59:07 GMT 2003
Lots of places don't have MX records. You only need an MX record if
the mail host is different then the A record, or if you want to
specify secondary hosts if your primary is down.
> -----Original Message-----
> From: Richard Roy [mailto:RoyR at justicetrax.com]
> Sent: Friday, September 05, 2003 6:39 PM
> To: list at dshield.org
> Subject: [Dshield] DNS MX record block question
> A coworker of mine was debating the point of blocking mail from
> where there is not a valid MX record . His point was that he any
> client could send mail, in fact he would write one rather quickly in
> or something, and that, by default one should not reject connections
> that do not resolve to an MX record. I said that one should
> block when the domain does not have a valid MX record because if you
> not a valid mail server, then why are you sending me mail? I'll
> you are a virus with a mailer engine on someone's pc. Is that a
> assumption or paranoid assumption?
> I told him I'd like him to try it ( I only have one machine allowed
> in/out on port 25 on his network). I'm curious do most folks drop
> where there is no valid MX record? Anyone have a reference (white
> or rfc or something) that would explain why or why/not?
> Sorry if it is OT please respond off list if it is.
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
More information about the list