On Jan 21, 2013, at 2:12 PM, Vernon Schryver <[email protected]> wrote:
>> From: Paul Vixie <[email protected]> > >> Stephane Bortzmeyer wrote: > >>>> used by numerous software developers, programming languages, >>>> browsers (cookies), search engines, security software, and many >>>> other places. >>> >>> And 95 % of these uses are bad ideas: it creates false positives >>> (.CW...) and false negatives (it's not because .COM exists that >>> anything.com has a meaning). >> >> passionate +1. > > Why is anyone using such lists to validate domain suffixes? I recently > discovered a global, distributed database with nearby caching that > allows HTTP and SMTP servers to check whether the right hand side of > [email protected] is valid. It does not require that servers act exactly > miscreants doing dictionary attacks to find spam targets ("sender > address verification") or exactly like spammers sending unsolicited > bulk mail. > > Continuing the sarcasm is too much effort, so I'll simply ask why not > do DNS MX and A requests? (both because of the fall-back-to-A-if-no-MX > rule) If you get NXDOMAIN or NODATA for both MX and A, you know it > is invalid in an SMTP Rcpt_To command (unless you still believe in > SMTP source routing). If you get A or MX records, then it is at least > as likely to be valid as a name in other list. Please sir, if I run www.images.example.co.uk, can I set a cookie at images.example.co.uk? How about example.co.uk? Fine… Now .co.uk? Hmm… There is no DNS query that will (or should) tell me that... W > > > Vernon Schryver [email protected] > _______________________________________________ > dns-operations mailing list > [email protected] > https://lists.dns-oarc.net/mailman/listinfo/dns-operations > dns-jobs mailing list > https://lists.dns-oarc.net/mailman/listinfo/dns-jobs > -- "I think perhaps the most important problem is that we are trying to understand the fundamental workings of the universe via a language devised for telling one another when the best fruit is." --Terry Prachett _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
