[Dshield] DNS MX record block question

David Hart DavidHart at TQMcube.com
Sat Sep 6 22:50:28 GMT 2003


On Sat, 2003-09-06 at 17:47, Keith Bergen wrote:
> I don't understand the objection here.
> 
> All Roy is suggesting is that if he receives an email from xyz.com, that
> domain has to have an MX record. He didn't suggest that the email actually
> had to come from the server that controls that MX record.
> 
> Frankly, I think that every TLD should have an MX record available or you
> shouldn't accept connections from it. How else would you send an email back
> to them ... And frankly, what's the point of them sending you email except
> for a) me to send one back, or b) they are trying to spam me.
> 
I'm an IT nitwit but a pretty good quality management consultant. While
there is a real cost to spam, false positives for many business have far
greater potential consequences.

As I understand it, most of the people who DO have MX records should NOT
have MX records (including us). In theory, the MX record is only
required to direct mail to a separate machine. MANY valid mail comes
from machines that default to the A record for mail which is perfectly
OK.

I don't think that you mean "TLD" by the way ("com, edu, org," etc) but
domain. When the (working) server digs for the proper mail gateway, in
the absence of an MX record, it will direct mail to the A record.

There are MUCH better ways of controlling spam with far less potential
for false positives.

We are encouraging clients to have department heads participate in
formulating mail policies. It's important for non-IT executives to
understand the delicate balance between keeping spam off the system and
preventing valid mail from bouncing.

-- 
          ----------------------------------------------------
      Hart's PGP Key: 0xAB6D7FEA - http://TQMcube.com/hart_pgp.txt
          ----------------------------------------------------
         Total Quality Management - A Commitment to Excellence
   Email acceptance policy: http://www.TQMcube.com/email_policy.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20030906/1e323721/attachment.bin


More information about the list mailing list