Re: [anti-spam-wg] Domains with MX set to localhost


>> . the MX host is "." (following draft-delany-nullmx)
>> . the MX host isn't a FQDN
>> . the MX host has no associated A record at all
>> . the A record of the MX record is localhost, RFC1918, link-local,
>>   class D/E, or a limited set of bogons (yes, I'm watching IANA
>>   allocations)

> Is there any legitimate reason that anyone knows of for people to set
> their MX records like this?

Well, aside from honest mistakes (which happen to the best of people):

There definitely is for "MX ." (that's what draft-delany-nullmx is
for), but that does not apply to legitimate-mail-emitting domains.

As I remarked upthread, an MX record isn't capable of containing
anything but a FQDN, so the second item must really mean something else
(like "in a nonexistent TLD").

"No A record" is perfectly reasonable; a domain can have a v6-only MX
host.  (Which I consider perfectly reasonable.  Not everyone agrees.)
"No address record" is not reasonable.

MX hosts with addresses in 127/8 should IMO be treated the same as
nullmx ("MX .").  RFC1918-space MX addresses I'm not sure; I might drop
such addresses entirely before doing the rest of the processing.
Link-local...I don't think v4 even *has* link-local addresses; v6
link-local I'd treat like v4 127/8.  Class D, I'm not sure; I haven't
looked at multicast enough to know whether TCP to a multicast address
makes sense.  Class E, well, experimental is for experiments; anyone
participating in the experiment knows what to do, and anyone not should
probably pretend the address doesn't exist.  Bogons, definitely, throw
them out, though I'm not sure whether I'd treat them as nullmx or drop
the addresses entirely (and thus possibly push the host into the "no
address" category).

> If not then it seems too easy for a registry to scan the zones of all
> the names it knows about to look for these telltale indicators and
> compile a list of spam domains.

Yes...but that would require a registry to care about something beyond
being paid.  As far as I can tell (from the outside), none of them do.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
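
One reading of the address handling discussed in the message above, written as a filter over already-resolved MX data. This is an added example, not code from the original post: the function names, the verdict strings, the choice to drop (rather than null-MX) the ranges the message is unsure about, the same treatment of 169.254/16 as of v6 link-local, and the caller-supplied bogon list are all assumptions.

```python
import ipaddress

# Ranges named in the thread. Where the message says "not sure", treating a
# range as "drop" rather than "nullmx" is an assumption of this example.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CLASS_E = ipaddress.ip_network("240.0.0.0/4")


def classify_address(addr, bogons=()):
    """Return 'nullmx', 'drop' or 'ok' for one address of an MX host."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback or ip.is_link_local:
        return "nullmx"   # 127/8, ::1, fe80::/10, 169.254/16
    if ip in CLASS_E or any(ip in net for net in RFC1918):
        return "drop"     # pretend the address does not exist
    if ip.is_multicast:
        return "drop"     # class D and ff00::/8 (assumed: dropped)
    if any(ip in ipaddress.ip_network(b) for b in bogons):
        return "drop"     # bogon list is supplied by the caller
    return "ok"


def classify_domain(mx, bogons=()):
    """mx maps each MX host name to its resolved A/AAAA addresses.

    Returns 'nullmx', 'no-address' or 'usable'.
    """
    if set(mx) == {"."}:
        return "nullmx"   # explicit "MX ."
    verdicts = [classify_address(a, bogons)
                for addrs in mx.values() for a in addrs]
    if "ok" in verdicts:
        return "usable"   # at least one deliverable address, v4 or v6
    # Nothing deliverable: loopback/link-local acts like "MX .",
    # otherwise the host falls into the "no address" category.
    return "nullmx" if "nullmx" in verdicts else "no-address"


# Constructed sample data (documentation prefixes, not real domains).
SAMPLES = {
    "v6only.example": {"mail.v6only.example.": ["2001:db8::25"]},
    "loop.example": {"mx.loop.example.": ["127.0.0.1"]},
    "private.example": {"mx.private.example.": ["10.1.2.3"]},
    "empty.example": {"mx.empty.example.": []},
}
```

A v6-only MX host comes out as usable, and an MX host whose only addresses are dropped ends up in the same "no-address" bucket as one with no address records at all.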