[Mimedefang] Only MX record is fake
dfs at roaringpenguin.com
dfs at roaringpenguin.com
Thu Nov 17 16:05:16 EST 2011
> Those people checking for valid MX records for a sender's domain from
> within MIMEdefang ... is anybody checking if a sender's one and only MX
> record is a fake MX tempfailing service? Has anyone ever seen this type
> of setup for legitimate e-mail?
Our commercial product has a setting to reject mail from any domain
that has an MX record that resolves back to 127.0.0.0/8 or ::1. We've
had no false-positives reported.
A more aggressive setting also rejects mail from domains with MX records
in RFC 1918 private address space and non-unicast addresses. Believe it or
not, there are some domains that have MX records resolving to 192.168.0.0/16
(but other MX records that really are routable) so you may get some FPs if
you use the more aggressive approach.
Regards,
David.
More information about the MIMEDefang
mailing list