Hi,

On Fri, Feb 20, 2015 at 12:08 PM, Anne P. Mitchell, Esq. <amitch...@isipp.com> wrote:
> All,
>
> We have a rather strange situation (well, strange to me, at least).
>
> We have an email reputation accreditation applicant, who otherwise looks
> clean, however there is a very strange and somewhat concerning domain being
> pointed to one of the applicant's IP addresses. Let's call the domain
> example.com, and the IP address 127.0.0.1, for these purposes.
>
> Applicant is assigned 127.0.0.1. The rDNS correctly goes to their own domain.
>
> However, example.com (which in reality is a concerning domain name) claims
> 127.0.0.1 as their A record.

I don't think having an A record in the DNS is really a "claim". Let's
say I want to send mail to company.example.com but I don't like them
so much so I set up companySUCKS.foo.example.com pointing at their
mail server either through an A record or a CNAME... Then, I believe,
inside my mail, the mail could appear to be to
per...@companysucks.foo.example.com if it wasn't blocked by some
security mechanism. Perhaps this is protected speech or, with a few
changes, a parody or something.

See Section 4.1.3 "You Can't Control What Names Point At You" in my RFC
http://tools.ietf.org/html/rfc3675

A somewhat similar thing is in Section 4.1.4.1 of that RFC where I was
on a social mailing list with an innocuous name and someone had long set
up a forwarder so that if you sent email to
cat-torturers@other.example (real left hand side, obviously not the
real right hand side), it would get sent to the social mailing list and
that address would appear in the "to:" line inside the mail. For
that particular crowd, most people thought this was pretty funny, but
it is the same sort of thing.

> Of course, example.com is registered privately, and their DNS provider is one
> who is...umm... "known to provide dns for domains seen in spam."
>
> As I see it, the applicant's options are:
>
> a) just not worry about it and keep an eye on it
>
> b) publish a really tight spf record on it, so if they are somehow
> compromised, email appearing to come from example.com and 127.0.0.1 should be
> denied
>
> c) not use the IP address at all (it's part of a substantially larger block)
>
> d) two or more of the above.
>
> Thoughts? What would you do?

If it isn't actually causing a problem, a) seems viable but you could
certainly do b) or c) or both if you feel like it.

Anyway, I'm not a lawyer... :-)

Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e...@gmail.com

> Thanks!
>
> Anne
>
> Anne P. Mitchell, Esq.
> CEO/President
> ISIPP SuretyMail Email Reputation, Accreditation & Certification
> Your mail system + SuretyMail accreditation = delivered to their inbox!
> http://www.SuretyMail.com/
> http://www.SuretyMail.eu/
>
> Author: Section 6 of the Federal CAN-SPAM Act of 2003
> Member, California Bar Cyberspace Law Committee
> Ret. Professor of Law, Lincoln Law School of San Jose
> 303-731-2121 | amitch...@isipp.com | @AnnePMitchell | Facebook/AnnePMitchell
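
Added example, not part of the thread above and not code from either poster: a forward-confirmed reverse DNS (FCrDNS) check showing why a third party's A record is not a "claim" the address owner has endorsed. The record tables are constructed; 127.0.0.1 and example.com are the thread's own placeholders, and mail.applicant.example and www.applicant.example are hypothetical names.

```python
"""FCrDNS over constructed records: which names pointing at an IP are
endorsed by the address owner's own PTR data, and which are not."""
import ipaddress

# Constructed forward (A) records. Anyone can publish one for any address,
# so example.com points at the applicant's IP without their involvement.
A_RECORDS = {
    "mail.applicant.example": ["127.0.0.1"],   # hypothetical applicant host
    "example.com": ["127.0.0.1"],              # third-party name from the thread
    "www.applicant.example": ["127.0.0.2"],    # hypothetical, has no PTR below
}
# Constructed reverse (PTR) records. Only the party delegated the address
# block can publish these.
PTR_RECORDS = {
    "1.0.0.127.in-addr.arpa": ["mail.applicant.example."],
    "2.0.0.127.in-addr.arpa": [],
}

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def ptr_names(ip):
    """Names the address owner publishes for ip (reverse lookup)."""
    key = norm(ipaddress.ip_address(ip).reverse_pointer)
    return [norm(n) for n in PTR_RECORDS.get(key, [])]

def fcrdns_names(ip):
    """PTR names whose own A records point back at ip."""
    ip = str(ipaddress.ip_address(ip))
    return [n for n in ptr_names(ip) if ip in A_RECORDS.get(n, [])]

def classify_names(ip):
    """Split every name with an A record for ip into confirmed/unconfirmed."""
    ip = str(ipaddress.ip_address(ip))
    confirmed = set(fcrdns_names(ip))
    pointing = sorted(norm(n) for n, addrs in A_RECORDS.items() if ip in addrs)
    return {
        "confirmed": [n for n in pointing if n in confirmed],
        "unconfirmed": [n for n in pointing if n not in confirmed],
    }

if __name__ == "__main__":
    for ip in ("127.0.0.1", "127.0.0.2"):
        print(ip, classify_names(ip))
```

Against live DNS the set of names pointing at an address cannot be enumerated from the DNS itself, so the forward table here would have to be filled from mail logs or passive DNS data.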