[RFCI-Discuss] .NU considered harmful

Anders Andersson rfci-discuss@lists.megacity.org
Thu, 31 Oct 2002 04:16:53 +0100 (MET)


Derek J. Balling wrote:
>On Tuesday, October 29, 2002, at 10:45  PM, Jeff Makey wrote:
>> The correct RFCI response to this would be to list *.NU in the DSN,
>> postmaster, & abuse zones and then whitelist real domains that ask to
>> be delisted, but that would be a lot of effort.  Is there a precedent
>> for this situation?
>
>If you can get me a complete list of *.NU domains, that *might* be 
>possible, because otherwise, there would be false claims being made 
>against the many (valid-to-DSN) .NU domains.
>
>Otherwise, though, it's a crappy problem with no real easy solution...

Agreed.  Since the problem is about the dubious _existence_ of
the domain itself, having it included in four blacklists meant
to identify existing but _non-RFC-compliant_ domains seems like
the wrong tool for the job.

I made the same observation as Jeff some time ago, but neither
have I seen any indication that the spammers are catching on in
this respect, so it remains to be seen how urgent this problem is.
Note that it's not just the .NU TLD; _any_ wildcard A records in
the DNS can be abused in this fashion, including your own pointing
to various 127.0.0.0/24 addresses.

So, I think those postmasters who are concerned about this problem
(I'm in, if you ask me) should design their own solution, something
like:

 1. Look up {sender-domain}.DOMAIN.DUMMY.RFC-IGNORANT.ORG.
    If it doesn't exist, skip the rest of this procedure.
 2. Look up an A record for {sender-domain}.  Save it for step 3.
    If it doesn't exist, you shouldn't be here in the first place.
 3. Look up $4.$3.$2.$1.A.DUMMY.RFC-IGNORANT.ORG.  If it exists, we
    have a dummy record abused, and the message should be rejected.

Records currently required given this proposed scheme are:

$ORIGIN DUMMY.RFC-IGNORANT.ORG.
*.0.A					IN	A	127.0.0.2
9.105.55.64.A				IN	A	127.0.0.2
*.127.A					IN	A	127.0.0.2
6.91.181.212.A				IN	A	127.0.0.2
*.255.A					IN	A	127.0.0.2
*.NU.DOMAIN				IN	A	127.0.0.2
*.DUMMY.RFC-IGNORANT.ORG.DOMAIN		IN	A	127.0.0.2

Ok, that last one may be a slight exaggeration of the concept... :-)
Another thing, since using wildcard records isn't in violation of
any standards track RFC, maybe RFC-Ignorant.Org isn't the proper
umbrella for this particular record set, but the above should
serve as an illustration anyway.

The concept may be extended with listings of dummy MX hosts as well
if that turns out to be a problem (you may recall an earlier issue
concerning a flawed MX serving hundreds of domains, requiring each
domain served to be listed separately; those who need a solution
for that may find this approach useful).

But then again, it may not be too urgent yet.

--
Anders Andersson, Dept. of Computer Systems, Uppsala University
Paper Mail: Box 325, S-751 05 UPPSALA, Sweden
Phone: +46 18 4713170   EMail: andersa@DoCS.UU.SE
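
Added example, not part of the original message: the three-step lookup proposed above, sketched in Python against an in-memory copy of the records listed in the post. The wildcard matcher is a simplification of real DNS wildcard semantics, and zone_has, is_dummy_abuse, lookup and the SAMPLE_A answers are hypothetical names and constructed data.

```python
ZONE = "DUMMY.RFC-IGNORANT.ORG"
# Owner names from the post, relative to ZONE; each is "IN A 127.0.0.2".
DUMMY_RECORDS = [
    "*.0.A", "9.105.55.64.A", "*.127.A", "6.91.181.212.A", "*.255.A",
    "*.NU.DOMAIN", "*.DUMMY.RFC-IGNORANT.ORG.DOMAIN",
]

def zone_has(fqdn):
    """Simplified zone lookup: exact owner name or a covering wildcard."""
    name = fqdn.upper().rstrip(".")
    if not name.endswith("." + ZONE):
        return False
    labels = name[: -len(ZONE) - 1].split(".")
    for owner in DUMMY_RECORDS:
        want = owner.split(".")
        if want[0] == "*":
            tail = want[1:]
            # A wildcard covers names below its parent, not the parent itself.
            if len(labels) > len(tail) and labels[-len(tail):] == tail:
                return True
        elif labels == want:
            return True
    return False

def is_dummy_abuse(sender_domain, lookup_a):
    """True if the message should be rejected. lookup_a(domain) returns a
    list of IPv4 strings; it is a hypothetical resolver hook."""
    domain = sender_domain.rstrip(".")
    # Step 1: is the sender domain below a parent known to use wildcards?
    if not zone_has(f"{domain}.DOMAIN.{ZONE}"):
        return False
    # Step 2: fetch the A record(s) the sender domain resolves to.
    for addr in lookup_a(domain):
        # Step 3: reverse the octets ($4.$3.$2.$1) and check the A list.
        reversed_octets = ".".join(reversed(addr.split(".")))
        if zone_has(f"{reversed_octets}.A.{ZONE}"):
            return True   # resolves only to a listed dummy address
    return False          # real host inside a wildcard zone, or no A record

# Constructed resolver answers; 64.55.105.9 is taken from the post's A list.
SAMPLE_A = {
    "no-such-name.nu": ["64.55.105.9"],   # listed dummy address
    "real-site.nu": ["192.0.2.25"],       # constructed: a delegated .NU domain
    "example.org": ["64.55.105.9"],       # parent not listed, step 1 stops
    "loopback.nu": ["127.0.0.1"],         # covered by *.127.A
}

def lookup(domain):
    return SAMPLE_A.get(domain.lower().rstrip("."), [])
```

With the sample data, no-such-name.nu and loopback.nu are rejected, while real-site.nu passes because its address is not on the A list.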