On Wed, Dec 20, 2017 at 8:29 AM, Ian Levy <[email protected]> wrote:
> > I need to be able to emulate in some way the effect of SPF and DMARC > records for non-existent first level subdomains under the PSL gov.uk - to > stop spoof mail apparently coming from them being delivered. This is an > active problem that criminals are abusing. They send mail from (for > example) the non-existent subdomain ianlevy.gov.uk and there's currently > no sensible way to stop that using DMARC et al. I'm quite sure that you will need to do this via synthetic records being returned either by the gov.uk name servers or by having gov.uk refer to a general "parked domain" name server (farm) for all of the non-existent subdomains. This is essentially what some of the big registrars started doing some years ago to monetize "unsold" domains from a web POV and it wrecked havoc for mail when the fallback A record was one of these upsell pages rather than the normal NXDOMAIN. With a "parked domain" server, you can return null MX, bare SPF "-all", and whatever DMARC policy and reporting values are appropriate for all A, AAAA, MX, TXT queries. You could also feed that information into some of the passive DNS systems which can help track malfeasance. --Kurt
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
