* Henning.Rust (at) stud.uni-hannover (dot) de [email concealed] (Henning Rust) [Thu 25 Sep 2003, 17:13 CEST]:
> Up to now, e-mails addressed to misspelled mail domains will not be
> sent to Verisign's Fake-SMTP-service as MX records are used for
> mail-domain resolving. Verisign did not set up wildcard MX records.

Wrong. Mail transfer agents fall back to A records if no MX records
exist for a given entry. That's why Snubby was running in the first
place - to keep mail from accumulating in everybody's queues for a week
where at first it would've been discarded immediately.

> However, if you configure your E-Mail-Program or local Mail-Transfer-
> Agent and misspell the hostname of the SMTP-Server for outgoing mail,
> all outgoing mail will be sent to their Fake-SMTP service.

And rejected with an incorrect error message leading - again - to faulty
diagnostics. The Internet Architecture Board has written a good
document about the operational impact of Verisign's move:

http://www.iab.org/documents/docs/2003-09-20-dns-wildcards.html

> What if Versign is planning to add wildcard MX records as well, so that
> any mail addressed to mistyped/non-existant mail domains like
> "foobar (at) sdfsgggdfasfasdf (dot) com [email concealed]" will be sent to their fake SMTP service?

As said, that won't change much. Someone proposed Verisign added "* IN
MX 0 ." as an additional wildcard but testing has shown that MTAs keep
mail spooled instead, so this won't work either.

> Expect the worst!

How much worse can it get? On second thoughts, don't give Verisign any
ideas...

-- Niels.

--
"The time of getting fame for your name on its own is over. Artwork that
is only about wanting to be famous will never make you famous. Any fame
is a bi-product of making something that means something. You don't go to
a restaurant and order a meal because you want to have a shit." -- Banksy

[ reply ]