Re: People forging their From: addresses

  • From: Piet Beertema < >
  • Date: Sat, 03 Oct 1998 12:17:03 +0200

    > It shouldn't be too hard to have an MTA distinguish between a
    > DNS server failure (SERVFAIL) or an authoritative NXDOMAIN answer.
    > SERVFAIL resulting in a 4xx error, NXDOMAIN in a 5xx.
    That's exactly what I did, but I still ended up bouncing perfectly
    valid mail. Dunno why... beats me. Might be mangling of UDP packets
    on hosts that don't verify/send UDP checksums (like standard sunos
    4.x machines)
I wouldn't go into that sort of details anyway: I'd assume
that *anything* can go wrong with DNS, resulting in unwanted
bouncing of mail from existing domains if you use 5xx.
So either stay on the safe side and give 4xx, or take the
hard approach and the risk and give 5xx.


