Verisign bogosity {Scanned by HJMS}

John Rudd jrudd at UCSC.EDU
Tue Sep 16 21:31:59 IST 2003


"Furnish, Trever G" wrote:
>
> > -----Original Message-----
> > From: John Rudd [mailto:jrudd at UCSC.EDU]
> > Sent: Tuesday, September 16, 2003 12:32 PM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Verisign bogosity {Scanned by HJMS}
> >
> > On Tuesday, Sep 16, 2003, at 09:59 US/Pacific, Furnish,
> > Trever G wrote:
> > > Which will just lead to a battle with verisign as they
> > > begin to rotate their addresses - it won't solve the problem.
> >
> > It does become yet another game of whack-a-mole, yes.  And I
> > don't know if those patches are set up to be configurable (i.e. as
> > verisign rotates addresses, how hard is it to add them to a config file?
> > or do you have to recompile?).  It may even come down to a new DNSBL
> > that is based around tracking verisign's stupidity.
>
> A DNSBL specifically for this purpose - now THAT is a solution I like, if it
> works...
>
> ...but I don't think it does.
>
> I'm under the impression that the address looked up during a RBL check is
> the address of the connecting relay, NOT the address resolved for the domain
> used in the "mail from" command.  Meaning a RBL check wouldn't help,
> correct?


A DNSBL can be a look up for _anything_ really.  It's how you use it
that matters.  What you're asking is "doing a mail blackhole on these
addresses wouldn't help, correct?"

It's true that the above DNSBL wouldn't be a good thing to use as a mail
blackhole (the way most DNSBLs are used).  But, DNS servers might be
able to use it to periodically update their list of "non-existent domain
addresses".  That's an entirely different use of a DNSBL database (and
it would require some changes to how different DNS servers work).

Think of a DNSBL as a distributed database, which is separate from how
you use its data.  Mail Blackholing is just one of many applications for
such a distributed database.

use it for RBL'ing?  no.

use it for keeping up with the whack-a-mole process of rejecting domains
as non-existent?  yes.
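
Added example, not part of the original message or of any patch mentioned in the thread: a sketch of the resolver-side use described above, where the DNSBL is queried with the address a name resolved to (not the connecting relay) and names that resolve only to listed addresses are reported as non-existent. The zone name, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket

# Hypothetical zone name; the thread does not name an actual list.
ZONE = "wildcard-sink.dnsbl.example"
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_qname(ip, zone=ZONE):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_lookup(name):
    """Live lookup through the system resolver; an empty list means not listed."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def is_listed(ip, lookup=system_lookup, zone=ZONE):
    """An address is listed when the DNSBL answers with a 127.0.0.0/8 record."""
    answers = lookup(dnsbl_qname(ip, zone))
    return any(ipaddress.IPv4Address(a) in LISTED_NET for a in answers)

def filter_answer(a_records, lookup=system_lookup, zone=ZONE):
    """Resolver policy: if every A record is a listed wildcard address,
    report the name as non-existent; otherwise pass the answer through."""
    if a_records and all(is_listed(ip, lookup, zone) for ip in a_records):
        return ("NXDOMAIN", [])
    return ("NOERROR", list(a_records))

# Constructed sample data: one listed wildcard address (documentation range).
SAMPLE_ZONE = {"10.2.0.192." + ZONE: ["127.0.0.2"]}

def sample_lookup(name):
    """Offline stand-in for a DNS query against the hypothetical zone."""
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    # A mistyped domain that the registry wildcard resolved to the listed address.
    print(filter_answer(["192.0.2.10"], sample_lookup))
    # A real domain with an unlisted address is passed through unchanged.
    print(filter_answer(["198.51.100.7"], sample_lookup))
```

When the wildcard addresses rotate, only the list's zone data changes; the resolver code and its configuration stay the same.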


