[TriLUG] RE: Verisign's wildcard in .com and .net (fwd)

Dan Monjar daniel.monjar at na.biomerieux.com
Tue Sep 16 10:06:03 EDT 2003


Another viewpoint

---------- Forwarded Message ----------
Date: Monday, September 15, 2003 11:50:23 PM -0700
From: xxxxx
To: info-multinet at process.com, info-pmdf at process.com
Cc:
Subject: RE: Verisign's wildcard in .com and .net

> One of the side-effects is that any attempt to block email by
> checking that the sender's domain exists, will now fail.

Rather, all such checks will succeed (which renders the checks
useless).  Of course, such code could be modified to ignore
responses that point at the nasty Verisign A record.

> Another side-effect concerns
> mis-configured mail servers or DNS entries: if you are configuring a mail
> relay and/or put a typo in the MX record, you may get unexpected results
> since the IP address indicated by Verisign happens to be running an SMTP
> server.
>
> I'll refrain from repeating the outraged comments on various discussion
> groups.  It will be interesting to see how this situation evolves.

Mail authorization via DNS is going to accelerate, and with good reason.

---------- End Forwarded Message ----------



--
Daniel Monjar
IS Manager, Technical Services
bioMérieux, Inc.
Durham, NC US
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://www.trilug.org/pipermail/trilug/attachments/20030916/73042f66/attachment.pgp>


More information about the TriLUG mailing list