[Exim] Verisign pulls a fast one

Top Page
Delete this message
Reply to this message
Author: Gary Palmer
Date:  
To: exim-users
Subject: [Exim] Verisign pulls a fast one
Verisign is adding wildcard DNS records to all of .com and .net pointing
to one of their servers "as browsers don't return any useful information
when the user inputs an unregistered domain". This defeats very nicely
sender DNS verification as now *all* .com/.net domains are valid.
(Unless you are insisting on MX records for all domains, which is a
slight violation of RFC)

I strongly recommend EVERYONE add:

64.94.110.11

to the 'ignore_target_hosts' directive on any/all dnslookup routers (in
addition to the RFC 1918 entries that are already there, right? :) )

I'm wondering how long it will take for that IP to start showing up on
DNSBLs.

Gary