On 6/11/2014 11:44 AM, John Hardin wrote:
Folks:
I just came across a PayPal phish that has a potentially useful
indicator: the domain referenced in the URI has no MX record defined,
so it cannot accept email.
Would it be worth another DNS query in URIBL to check whether the
domain has an MX record, and add a point if not?
Just off the top of my head, it may cause issues with mass email
services like Constant Contact which send their email from oodles of
CDN-like alternate domains which aren't intended to receive email.
I expect you would need to limit it to headers that are clearly intended
to receive messages (ie, Reply-To, Return-Path, From if the other two
headers are not present, etc).
That's a pretty funny mistake for a spammer to make.
