Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet)

  • From: Suresh Ramasubramanian
  • Date: Wed Jan 12 23:56:21 2005
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=jFoE2cFPY/cyINxPqITipynICDNYBS14wfX7Sezn6tBDuTqvvJPNGinvH9t4aGOuL0pYdbTsIPl4AJ86/vdijdoGPtRCjDFiIfagARlxAvlGCB+dJSO4eT547ngmHbLmVxzrYOMDO2TAeEOBFJxKMAVEfCHoN3Wz+Rjyzz1/FzU=

On Wed, 12 Jan 2005 23:19:47 -0500, Valdis.Kletnieks@vt.edu
<Valdis.Kletnieks@vt.edu> wrote:
> On Wed, 12 Jan 2005 19:19:24 PST, Dave Crocker said:
> > In general, that's what dkeys/iim and csv (and maybe spf) are attempting to provide.
> 
> Yes, but he asked for a rDNS solution specifically...

I think Steve was referring to some things that can be implemented
right away, like "if you operate a mailserver, please make sure that
it isn't on a host that has reverse dns like ppp-XXX.adsl.example.com,
try to give it unique and non generic rDNS, preferably with a hostname
that starts off with smtp-out, mail, mta etc)"

Basically a call to operators to adopt a consistent forward and
reverse DNS naming pattern for their mailservers, static IP netblocks,
dynamic IP netblocks etc.

-- 
Suresh Ramasubramanian (ops.lists@gmail.com)




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.