[Mimedefang] how to undo Verisigns mess

Dirk Mueller dmuell at gmx.net
Tue Sep 16 04:55:01 EDT 2003


Hi, 

has anybody thought about what to make the best out of the mess Verisign made 
in respect to SPAM scoring / sender address domain checking?

Since recently, all .net and .com domains started to resolve, pointing to a 
verisign owned server that shows a customized webpage. As per DNS this is an 
A record, the "check if domain is resolvable" check of many mailers (and 
spamassassin) has been effectively nullified. 

I was thinking about adding a check for an explicit MX record (which versign 
does not set currently). 

As an example, try looking up the nonexistent domain 
"roaringpiguin.com" (David forgive me for that little pun ;-) )

$ dig roaringpiguin.com

; <<>> DiG 9.2.2 <<>> roaringpiguin.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34535
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13

;; QUESTION SECTION:
;roaringpiguin.com.             IN      A

;; ANSWER SECTION:
roaringpiguin.com.      900     IN      A       64.94.110.11


another solution might be to discard DNS checks which reverse-resolve to 
sitefinder-idn.verisign.com., but I don't know how stable that will be. 


Dirk



More information about the MIMEDefang mailing list