> From: Paul Vixie <[email protected]>
> Stephane Bortzmeyer wrote:
> >> used by numerous software developers, programming languages,
> >> browsers (cookies), search engines, security software, and many
> >> other places.
> >
> > And 95 % of these uses are bad ideas: it creates false positives
> > (.CW...) and false negatives (it's not because .COM exists that
> > anything.com has a meaning).
>
> passionate +1.

Why is anyone using such lists to validate domain suffixes?

I recently discovered a global, distributed database with nearby caching that allows HTTP and SMTP servers to check whether the right hand side of [email protected] is valid. It does not require that servers act exactly like miscreants doing dictionary attacks to find spam targets ("sender address verification") or exactly like spammers sending unsolicited bulk mail.

Continuing the sarcasm is too much effort, so I'll simply ask why not do DNS MX and A requests? (both because of the fall-back-to-A-if-no-MX rule)

If you get NXDOMAIN or NODATA for both MX and A, you know it is invalid in an SMTP Rcpt_To command (unless you still believe in SMTP source routing). If you get A or MX records, then it is at least as likely to be valid as a name in another list.

Vernon Schryver [email protected]
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
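The MX-then-A check described in the message above, as an added example that is not part of the original post: the decision logic run against a constructed table of DNS answers so it works offline. The names `rcpt_domain_status`, `sample_lookup` and `SAMPLE_DNS` are hypothetical, and two cases go beyond the message: resolver failures are reported as `tempfail` rather than `invalid`, and a null MX (RFC 7505) is treated as invalid.

```python
# Constructed sample answers standing in for a resolver: (name, type) -> (rcode, records).
# Names are reserved example domains; anything not listed answers NXDOMAIN.
SAMPLE_DNS = {
    ("example.com", "MX"): ("NOERROR", ["10 mail.example.com."]),
    ("a-only.example", "MX"): ("NOERROR", []),             # NODATA for MX
    ("a-only.example", "A"): ("NOERROR", ["192.0.2.10"]),
    ("empty.example", "MX"): ("NOERROR", []),              # NODATA for MX and A
    ("empty.example", "A"): ("NOERROR", []),
    ("nomail.example", "MX"): ("NOERROR", ["0 ."]),        # null MX (RFC 7505)
    ("broken.example", "MX"): ("SERVFAIL", []),
}


def sample_lookup(name, rtype):
    """Hypothetical resolver stub; replace with a real DNS client in production."""
    return SAMPLE_DNS.get((name.lower().rstrip("."), rtype), ("NXDOMAIN", []))


def rcpt_domain_status(domain, lookup=sample_lookup):
    """Classify the right-hand side of an address as 'valid', 'invalid' or 'tempfail'."""
    for rtype in ("MX", "A"):  # fall back to A only when there is no MX
        rcode, records = lookup(domain, rtype)
        if rcode == "NXDOMAIN":
            return "invalid"   # the name does not exist for any record type
        if rcode != "NOERROR":
            return "tempfail"  # SERVFAIL, timeout: no verdict, retry later
        if rtype == "MX" and any(r.split()[1] == "." for r in records):
            return "invalid"   # null MX: the domain declares it accepts no mail
        if records:
            return "valid"
    return "invalid"           # NODATA for both MX and A


if __name__ == "__main__":
    for d in ("example.com", "a-only.example", "empty.example",
              "nomail.example", "no-such.example", "broken.example"):
        print(f"{d:18} {rcpt_domain_status(d)}")
```

In an SMTP server, `invalid` maps to a permanent rejection of the recipient and `tempfail` to a temporary one, so a resolver outage does not bounce legitimate mail.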
