[Mimedefang] how to undo Verisigns mess
Dirk Mueller
dmuell at gmx.net
Tue Sep 16 04:55:01 EDT 2003
Hi,
has anybody thought about what to make the best out of the mess Verisign made
in respect to SPAM scoring / sender address domain checking?
Since recently, all .net and .com domains started to resolve, pointing to a
verisign owned server that shows a customized webpage. As per DNS this is an
A record, the "check if domain is resolvable" check of many mailers (and
spamassassin) has been effectively nullified.
I was thinking about adding a check for an explicit MX record (which versign
does not set currently).
As an example, try looking up the nonexistent domain
"roaringpiguin.com" (David forgive me for that little pun ;-) )
$ dig roaringpiguin.com
; <<>> DiG 9.2.2 <<>> roaringpiguin.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34535
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13
;; QUESTION SECTION:
;roaringpiguin.com. IN A
;; ANSWER SECTION:
roaringpiguin.com. 900 IN A 64.94.110.11
another solution might be to discard DNS checks which reverse-resolve to
sitefinder-idn.verisign.com., but I don't know how stable that will be.
Dirk
More information about the MIMEDefang
mailing list