* Henning.Rust@stud.uni-hannover.de (Henning Rust) [Thu 25 Sep 2003, 17:13 CEST]:
> Up to now, e-mails addressed to misspelled mail domains will not be
> sent to Verisign's Fake-SMTP-service as MX records are used for
> mail-domain resolving. Verisign did not set up wildcard MX records.

Wrong. Mail transfer agents fall back to A records if no MX records
exist for a given entry. That's why Snubby was running in the first
place - to keep mail from accumulating in everybody's queues for a week
where at first it would've been discarded immediately.

> However, if you configure your E-Mail-Program or local Mail-Transfer-
> Agent and misspell the hostname of the SMTP-Server for outgoing mail,
> all outgoing mail will be sent to their Fake-SMTP service.

And rejected with an incorrect error message leading - again - to faulty
diagnostics.

The Internet Architecture Board has written a good document about the
operational impact of Verisign's move:
http://www.iab.org/documents/docs/2003-09-20-dns-wildcards.html

> What if Verisign is planning to add wildcard MX records as well, so that
> any mail addressed to mistyped/non-existent mail domains like
> "foobar@sdfsgggdfasfasdf.com" will be sent to their fake SMTP service?

As said, that won't change much. Someone proposed Verisign added
"* IN MX 0 ." as an additional wildcard but testing has shown that MTAs
keep mail spooled instead, so this won't work either.

> Expect the worst!

How much worse can it get? On second thoughts, don't give Verisign any
ideas...

	-- Niels.

--
"The time of getting fame for your name on its own is over. Artwork
that is only about wanting to be famous will never make you famous.
Any fame is a by-product of making something that means something.
You don't go to a restaurant and order a meal because you want to
have a shit." -- Banksy
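The A-record fallback described in the reply above, as an added example that is not part of the original message: a small model of MTA next-hop selection over a constructed zone, showing how a wildcard A record turns an immediate bounce into a delivery attempt. It goes one step beyond the thread by adding a resolver-side filter that treats answers matching the wildcard address as nonexistent. The zone contents, the documentation-range addresses and all function names are assumptions.

```python
import secrets

# Constructed zone data: (owner name, type) -> records. Addresses are from
# the documentation ranges and stand in for real ones.
WILDCARD_ADDR = "192.0.2.1"  # placeholder for the registry's wildcard A target
ZONE = {
    ("example.com", "MX"): [(10, "mail.example.com")],
    ("mail.example.com", "A"): ["198.51.100.25"],
    ("*.com", "A"): [WILDCARD_ADDR],
}

def lookup(zone, name, rrtype):
    """Return records, [] for NODATA (name exists, type does not), None for NXDOMAIN."""
    if any(owner == name for owner, _ in zone):
        return zone.get((name, rrtype), [])
    labels = name.split(".")
    for i in range(1, len(labels)):  # simplified wildcard match on enclosing names
        wild = "*." + ".".join(labels[i:])
        if any(owner == wild for owner, _ in zone):
            return zone.get((wild, rrtype), [])
    return None

def mail_route(zone, domain):
    """Next hop as an MTA picks it: MX records first, else the domain's own A record."""
    mx = lookup(zone, domain, "MX")
    if mx:
        return ("mx", [host for _, host in sorted(mx)])
    addrs = lookup(zone, domain, "A")
    if addrs:
        return ("implicit-mx", addrs)  # the fallback the reply points out
    return ("bounce", [])  # no such domain: reject at once, nothing queued

def wildcard_addrs(zone, tld):
    """Probe a random label; any answer can only come from a wildcard."""
    probe = secrets.token_hex(16) + "." + tld
    return set(lookup(zone, probe, "A") or [])

def mail_route_filtered(zone, domain):
    """Same routing, but answers equal to the wildcard address count as NXDOMAIN."""
    kind, hops = mail_route(zone, domain)
    tld = domain.rsplit(".", 1)[-1]
    if kind == "implicit-mx" and set(hops) <= wildcard_addrs(zone, tld):
        return ("bounce", [])
    return (kind, hops)

if __name__ == "__main__":
    typo = "sdfsgggdfasfasdf.com"
    print(mail_route(ZONE, typo))           # routed to the wildcard host
    print(mail_route_filtered(ZONE, typo))  # bounced immediately again
```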