[Dshield] DNS MX record block question

Stephane Grobety security at admin.fulgan.com
Sun Sep 7 21:45:11 GMT 2003


I believe you have failed to see Johannes's point: His first point
wasn't about the MACHINE sending the message, it's about the DOMAIN
indicated in the "From:" field (the machine should be in the "Received
from" header).

As for the RFCs, they defined a way to send a message that shouldn't
be replied to: use blanks "Reply to" and "from" headers (or better, use
something in the form of: "Server mail <>").

As for your other point, while correct, I believe that your other
comment is outside the scope of this discussion which is, basically,
about wether or not one should refuse mail received from "domains"
(wether it's the domain indicated by the "From" field or the sending
machine wasn't specified by the original sender).

Finally, on the whole issue, I personally feel that technics that rely
on  the sending domain's configuration for blocking spam are far from
being effective enough to outweigh their disadvantages. However, I
also do not feel that it is my decision to make, even for domains under
my control: it's a decision that should be made by the final receiver
of the message or the person responsible for him: my boss, my client
owning a domain, etc.

Good luck,
Stephane

JRK> I agree with everything you said, except for your first point.
JRK> You happen to be technically incorrect for two reasons.
JRK> 1) Major reason: You can send email to a system without it having
JRK> an MX record. Please see my Friday post for an explanation why.
JRK> 2) Minor reason: The 'From:' header is not often not relevant
JRK> because: a) It is often superseded by other headers, such as
JRK> 'Reply-To:', especially on mailing lists. b) It says little about
JRK> who actually sent the message. In legitimate email, the real
JRK> sender is defined by the "Envelope Sender."


JRK> Anyway, I just wanted to make sure that the point that systems to
JRK> NOT have to have an MX record to receive email is clarified.



-- 
Best regards,
 Stephane                            mailto:security at admin.fulgan.com




More information about the list mailing list