Re: [anti-spam-wg] Domains with MX set to localhost

  • To: Jay Daley jay@localhost
  • From: Jan Pieter Cornet johnpc@localhost
  • Date: Wed, 11 Jan 2006 16:00:09 +0100

On Wed, Jan 11, 2006 at 02:24:14PM +0000, Jay Daley wrote:
> > . the MX host has no associated A record at all
> > . the A record of the MX record is localhost, RFC1918, link-local, class
> >   D/E, or a limited set of bogons (yes, I'm watching IANA allocations)
> 
> Is there any legitimate reason that anyone knows of for people to set 
> their MX records like this?  If not then it seems too easy for a registry 
> to scan the zones of all the names it knows about to look for these 
> telltale indicators and compile a list of spam domains.

Well, yes, if a domain doesn't use email at all, then according to a
draft RFC (which seems to be expired: draft-delany-nullmx), then you can
set a single record:
    example.tld. IN MX 0 .

There are legitimate reasons for a domain to exist but not be involved in
email, for example domain reservations. This however doesn't mean spammers
can't (or won't) spoof the domain in sender addresses.

Also, some large domain reseller/harvester once had a lot of domains with
MX records pointing to this-domain-is-for-sale.com or something similar,
and those domains were forged in a lot of spam (but I can't find any of it
in the logs, offhand).

-- 
#!perl -wpl # mmfppfmpmmpp mmpffm pmmppfmfpppppfmmmf@localhost
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;                                # Jan-Pieter Cornet