On Mon, 9 Apr 2018 09:56:20 -0500
David Jones <djo...@ena.com> wrote:
> On 04/09/2018 09:44 AM, Reindl Harald wrote:
> > you simply don't want connect to every innocent MX which inbound
> > mail is forged because for the sake of god you are attacking the
> > victim of spoofed mails and you are easily part of a distributed
> > DOS when your few connections back are only a small part
Also, if an innocent domain's MX server just happens to be down
when you check, you could get a FP.
Checking for the existence of a sane MX record is good practice.
I'm not so sure about actually trying to connect to said MX, even if
you take basic precautions to minimize connections.