A standard spammer trick is to send from a fake @sender.domain, which we can reject_unknown_sender, and then harvest the IPs to really block them.
Verisign has screwed up DNS at the gTLD-servers.net level for .com and .net so that every single query for anything .com or .net always works:

# dig aflkajflafjlf.com any

; <<>> DiG 9.2.1 <<>> aflkajflafjlf.com any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23881
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;aflkajflafjlf.com. IN ANY

;; ANSWER SECTION:
aflkajflafjlf.com. 900 IN A 64.94.110.11

;; AUTHORITY SECTION:
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.

http://www.verisign.com/resources/gd/sitefinder/implementation.pdf

Their idea is to redirect web traffic querying for typos to Verisign so Verisign can sell their crap.

I consider this to be blatant abuse and conflict of interest of Verisign's role as commercial registrar and as infrastructure operator of .com/.net registry/nameservers.

There's no defense against it at the SMTP level. We lose a useful anti-spam tool. No mail will be coming from the above IP.

Expect the spammers to exploit this Verisign dirty trick by forging @sender.domains and we can no longer detect the forgery. But reject_unverified_sender will catch them.

One tactic to pay back Verisign is to block access in and out at your router for the Verisign Class C 64.94.110/24. This will prevent your networks and users from benefiting Verisign by being unable to visit their dirty tricks website.

Len
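
Added example, not part of Len's message and not Postfix code: one way to recognise the synthesized answer in resolver output is to treat a sender domain as unknown when every address record it returns falls in the 64.94.110/24 block named above. The function names and the REGISTERED sample are constructed for illustration.

```python
import ipaddress

# Block named in the message above; helper names are illustrative assumptions.
WILDCARD_NET = ipaddress.ip_network("64.94.110.0/24")

# Answer section as quoted in the message above (authority list shortened).
SYNTHESIZED = """;; QUESTION SECTION:
;aflkajflafjlf.com. IN ANY

;; ANSWER SECTION:
aflkajflafjlf.com. 900 IN A 64.94.110.11

;; AUTHORITY SECTION:
com. 172800 IN NS a.gtld-servers.net.
"""

# Constructed sample of a domain that publishes real records.
REGISTERED = """;; ANSWER SECTION:
example.com. 3600 IN MX 10 mail.example.com.
example.com. 3600 IN A 192.0.2.10
"""

def parse_answer_section(dig_text):
    """Return (name, ttl, rtype, rdata) tuples from dig's ANSWER SECTION."""
    records, in_answer = [], False
    for line in dig_text.splitlines():
        line = line.strip()
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
            continue
        if in_answer:
            if not line or line.startswith(";;"):
                break  # blank line or next section header ends the answers
            parts = line.split(None, 4)
            if len(parts) == 5 and parts[2] == "IN":
                name, ttl, _cls, rtype, rdata = parts
                records.append((name.rstrip(".").lower(), int(ttl), rtype, rdata))
    return records

def sender_domain_unknown(dig_text, wildcard_net=WILDCARD_NET):
    """True if the domain has no usable records or only the synthesized address."""
    records = parse_answer_section(dig_text)
    if any(rtype == "MX" for _, _, rtype, _ in records):
        return False  # a mail exchanger was published, so the domain is real
    addrs = [ipaddress.ip_address(r) for _, _, t, r in records if t in ("A", "AAAA")]
    return all(a in wildcard_net for a in addrs)  # also True when addrs is empty
```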
