ICANN Email List Archives

[wildcard-comments]



[wildcard-comments] Verisign DNS wildcard allows spammers to invent email address

  • To: <wildcard-comments@xxxxxxxxx>
  • Subject: [wildcard-comments] Verisign DNS wildcard allows spammers to invent email address
  • From: <TomJ@xxxxxxxxxxxxxxxx>
  • Date: Thu, 2 Oct 2003 18:50:48 -0600
  • Importance: High
  • Sender: owner-wildcard-comments@xxxxxxxxx

Verisign DNS wildcard allows spammers to invent email addresses.

I manage several hundred domains.  My mail servers used to verify email
domains were valid domains that really existed.

When Verisign implemented their DNS wildcard (without public notice), my
mail servers suddenly could not reject email from falsified domain names.

This new problem Verisign created is far reaching because secondary mail MX
servers accept and buffer email for primary MX servers.  When mail from a
non-existent domain name comes in through an ISP's secondary MX server
several things may happen:

        #1 A secondary MX server receives mail from a non-existent domain name.
The secondary MX server performs a check to verify the from domain part of
the email is real.  Thanks to Verisign - all domains are real, so the
secondary MX server accepts the email message.

        #2 The secondary MX server may not be able to deliver the mail to the
primary MX mail server if the destination email address (user) does not
exist.  This results in a no such user message from the primary MX server.

        #3 The secondary MX server still has the mail and now has to try and
return it.  However, thanks to Verisign breaking DNS, the mail in the secondary
MX server can not be returned.

        #4 The secondary MX server continues to hold more and more email in the
queue which can not be returned.  Each email message that can not be
returned takes up more disk space and more attempts by the mailer to return
it.

        #5 After hours, days or a week, the secondary MX server can reach a
point where it fails due to lack of disk space and/or lack of processes
available to try and return mail.

Since Verisign broke all forms of reliable domain verification, I have had
to manually monitor and manually remove hundreds of thousands of email
messages from my secondary MX servers.  This costs time and money to me and
my clients.  This also increases the amount of spam email everybody in the
world receives.

To all spammers in the world, Verisign is now your friend.
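
The failure mode in steps #1 to #4, as an added example that is not part of the original message: a toy resolver and secondary MX run over constructed mail, with and without a TLD wildcard, plus a wildcard-aware variant of the sender-domain check. Assumptions: the wildcard is a single A record (192.0.2.1 is a documentation address), bounces to a synthesized domain are undeliverable as the message describes, and all names, zone data and function names are hypothetical.

```python
import secrets

# Constructed toy TLD data: owner name -> {rtype: [rdata]}. The wildcard is assumed
# to be a single A record; 192.0.2.1 is a documentation address, not the real target.
PLAIN = {"example.com": {"MX": ["mail.example.com"]}}
WILD = {**PLAIN, "*.com": {"A": ["192.0.2.1"]}}

def resolve(zone, name, rtype):
    """Simplified lookup: exact name first, else synthesize from '*.<tld>', else NXDOMAIN."""
    if name in zone:
        return "NOERROR", zone[name].get(rtype, [])
    wild = zone.get("*." + name.rsplit(".", 1)[-1])
    if wild is not None:
        return "NOERROR", wild.get(rtype, [])
    return "NXDOMAIN", []

def naive_ok(zone, domain):
    """Sender-domain check as described: accept if the domain has an MX or an A record."""
    return any(resolve(zone, domain, t)[1] for t in ("MX", "A"))

def wildcard_aware_ok(zone, domain):
    """Treat an A-only answer identical to a random label's answer as synthesized."""
    if resolve(zone, domain, "MX")[1]:
        return True
    probe = f"{secrets.token_hex(12)}.{domain.rsplit('.', 1)[-1]}"
    answer = resolve(zone, domain, "A")[1]
    return bool(answer) and answer != resolve(zone, probe, "A")[1]

def secondary_mx(zone, check, messages, primary_users):
    """Walk steps #1-#4 for (sender, recipient) pairs and count each outcome."""
    out = {"rejected": 0, "delivered": 0, "bounced": 0, "stuck": 0}
    for sender, rcpt in messages:
        domain = sender.split("@", 1)[1]
        if not check(zone, domain):
            out["rejected"] += 1      # refused at SMTP time, never queued
        elif rcpt in primary_users:
            out["delivered"] += 1     # primary MX knows the user
        elif domain in zone:
            out["bounced"] += 1       # real sender domain, bounce can go back
        else:
            out["stuck"] += 1         # assumption: nothing takes the bounce
    return out

# Constructed traffic: one real sender and two forged domains.
MAIL = [("alice@example.com", "bob"), ("alice@example.com", "nobody"),
        ("x@nosuch-a.com", "nobody"), ("y@nosuch-b.com", "bob")]

if __name__ == "__main__":
    for label, zone, check in (("no wildcard", PLAIN, naive_ok), ("wildcard", WILD, naive_ok),
                               ("wildcard, aware check", WILD, wildcard_aware_ok)):
        print(label, secondary_mx(zone, check, MAIL, {"bob"}))
```

With the wildcard in place the naive check rejects nothing, so one forged message is delivered and one is left in the queue; the probe-based check restores the pre-wildcard outcome.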







