[time-nuts] Strange reports of bocked messages to timenuts
Bob Johnson
timenuts at bobj.org
Sat May 17 22:52:50 EDT 2008
> Re: [time-nuts] Strange reports of bocked messages to timenuts
> From: John Ackermann N8UR <jra at febo.com>
[...]
>
> But what's interesting is that the error has been in place for over two
> years, and this is the first time it's ever caused any problems. And
> I'm really not sure what the security implication is of an MX pointing
> to a CNAME. I can see that it could result in lower reliability by
> putting an extra link in the DNS chain, but that's not really a security
> problem.
A spam filter would not normally be configured so that listing on
rfc-ignorant.org is enough to reject a message, because far to many
legitimate hosts (often for large corporations) end up listed there. So most
systems would not reject your mail even if (as many do) they looked you up on
rfc-ignorant.org, and it's not surprising that it took years to find someone
anal enough to block you just for that. I'd guess that the domain in question
will soon discover that they are being overly restrictive and modify their
spam filtering system. Unfortunately, they will probably never fix the
backscatter problem - that seems to be working as Microsoft designed it.
I question rfc-ignorant.org's inclusion of a site solely for having an MX
record point to a CNAME. You aren't supposed to do it, but it only affects
delivery to your domain, not the reliability of messages from your domain,
and contrary to popular belief, it is discouraged, not prohibited. The reason
it is discouraged is that you can create infinite loops that bounce a message
between two servers using several different aliases (or perhaps a few other
silly results). But if you don't manage to do that, a server that complies
with the specification will be able to deliver mail to you (RFC-974
specifically requires that if the MX record points to a CNAME, the query must
be repeated with the CNAME).
By the way, after you fix the problem, you need to go to rfc-ignorant.org and
tell them that you have fixed it so they remove you from their list.
- Bob
More information about the time-nuts
mailing list