[Dshield] DNS MX record block question
doug at clickdoug.com
Fri Sep 5 23:54:56 GMT 2003
look at www.rfcignorant.org
Stop spam on your domain, use our gateway!
For hosting solutions http://www.clickdoug.com
Featuring Win2003 Enterprise, RedHat Linux, CFMX 6.1 and all databases.
ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
Suggested corporate Anti-virus policy: http://www.dshield.org/antivirus.pdf
If you are not satisfied with my service, my job isn't done!
----- Original Message -----
From: "Bob Love" <bob.lists at raha.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Friday, September 05, 2003 6:12 PM
Subject: Re: [Dshield] DNS MX record block question
| > that do not resolve to an MX record. I said that one should
| > absolutely block when the domain does not have a valid MX
| > record because if you are not a valid mail server, then why are
| > you sending me mail? I'll assume
| You are absolutely correct, but...
| Using this method you WILL also block many valid domains. Sadly, there are
| still many clueless admins out there from otherwise respectable ISPs... you
| could try feeding them a spoonful of clue, but you'll spend the rest of your
| life on a crusade, speaking from experience.
| Better you stick to the (loosely termed) "standard" methods of relatively
| open acceptance of incoming mail, with perhaps some anti-spam via MAPS,
| perhaps an AV also, and the occasional emergency tweak/filter when a new
| virus/worm hits...
| Having said that, this is looking at it from the perspective of an ISP
| (which I'm not any more, but I was) - where you need your clients to get the
| *least* number of false positives in terms of blocked mail, without being
| "wide open" and letting any old junk through.
| In a business environment your requirements may differ, and you can afford
| to be a lot stricter with your blocking in which case, not accepting mails
| from servers with no (or incorrect) RDNS entries the occasional false
| positive may be acceptable.
| list mailing list
| list at dshield.org
| To change your subscription options (or unsubscribe), see:
More information about the list