nanog mailing list archives

Re: Blocking MX query


From: Mark Andrews <marka () isc org>
Date: Wed, 05 Sep 2012 12:00:33 +1000


In message <CAArzuost70Yq=KfXHXZSOV+ptg6apiDzm71=FhCS+Ty_yo5OAA () mail gmail com>, Suresh Ramasubramanian writes:
On Wed, Sep 5, 2012 at 6:38 AM, Mark Andrews <marka () isc org> wrote:

        MUA's can make MX queries to validate entered addresses
        before SMTP/SUBMISSION is even attempted.


Sure but not on this guy's network as he's transparently proxying dns
and blocking MX requests on his proxy

Well he was looking for software to block the queries.  There is a
whole mentality that homes don't need X which on closer examination
just doesn't bear up to scrutiny.  This includes blocking SMTP or
don't you think home users are entitled to have privacy when it
comes to whom they email?

STARTTLS from anywhere to anywhere is possible today and is not
vulnerable to interception except in the MX's themselves.  You can
secure the MX records (and their absence) and secure the CERTs used
by STARTTLS.

Of course a bot can build up a rich cache of MX records from elsewhere
and send from a botted 3g modem connected host on his network
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org

