[Dshield] DNS MX record block question

Lauro, John jlauro at umflint.edu
Sat Sep 6 22:36:07 GMT 2003

> Frankly, I think that every TLD should have an MX record available or you
> shouldn't accept connections from it. How else would you send an
> back
> to them ... And frankly, what's the point of them sending you email
> for a) me to send one back, or b) they are trying to spam me.
> Keith.

Simple...  If they have an A record in the top level domain, then they
don't need an MX record.  You must verify one of them, but you don't
need both.

Now, if you wrote a program to try to connect to an MX (or A if no MX
existed) on port 25, and make sure a RCPT TO: is accepted for the
envelope header, or ERRORS-TO header, that might be useful.  But if
you skip the check for address records, you will simply be refusing
legitimate e-mail, as not everyone has or needs MX records.

Of course, if you did that then I am sure there are some other programs
that didn't think it through and would look at your host as trying
to get spam through and black-list you...
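
Added example, not part of the original message: a sketch of the sender-domain check discussed in this thread, comparing an MX-only policy with one that falls back to the domain's A record when no MX exists. The zone data, domain names and function names are constructed for illustration, and lookup() stands in for a real resolver so the code runs offline.

```python
# Constructed sample DNS data (no real lookups): name -> {record type: values}
SAMPLE_ZONE = {
    "mx-and-a.example": {"MX": [(10, "mail.mx-and-a.example")],
                         "A": ["192.0.2.10"]},
    "mail.mx-and-a.example": {"A": ["192.0.2.11"]},
    "a-only.example": {"A": ["192.0.2.20"]},          # legitimate, no MX
    "dangling-mx.example": {"MX": [(10, "gone.dangling-mx.example")]},
    "txt-only.example": {"TXT": ["v=spf1 -all"]},     # neither MX nor A
}


def lookup(zone, name, rtype):
    """Hypothetical resolver stand-in: records of rtype for name, or []."""
    return zone.get(name.lower().rstrip("."), {}).get(rtype, [])


def delivery_hosts(domain, zone=SAMPLE_ZONE):
    """Hosts a reply to `domain` could be sent to, in preference order.

    MX targets are used when any MX record exists; the domain's own A
    record is used only when there is no MX record at all.
    """
    mx = sorted(lookup(zone, domain, "MX"))
    if mx:
        # Keep only MX targets that resolve to an address.
        return [host for _, host in mx if lookup(zone, host, "A")]
    if lookup(zone, domain, "A"):
        return [domain.lower().rstrip(".")]
    return []


def accept_sender(domain, zone=SAMPLE_ZONE):
    """Accept when mail could be sent back via MX or, failing that, A."""
    return bool(delivery_hosts(domain, zone))


def accept_sender_mx_only(domain, zone=SAMPLE_ZONE):
    """The stricter policy from the quoted text: an MX record is required."""
    return bool(lookup(zone, domain, "MX"))


if __name__ == "__main__":
    for name in SAMPLE_ZONE:
        print(name, accept_sender_mx_only(name), accept_sender(name),
              delivery_hosts(name))
```

The MX-only policy rejects a-only.example even though it is reachable, and accepts dangling-mx.example even though none of its MX targets resolve.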

