How not to set up your DNS (part 24)

August 1, 2019

I'll start with the traditional illustration of DNS results:

; dig +short mx

What I can't easily illustrate is that none of the hostnames under exist. Instead, it seems that has shifted its current mail handling to, based on their current MX. While resolves to an IP address,, that IP address does not respond on port 25 and may not even be in service any more.

(It is not Office Depot's problem that we're trying to mail, of course; it is due to a prolific spammer hosted out of that is forging the envelope sender of their spam email from 'bounce@<various domains>', including and ''.)

This does point out an interesting risk factor in shifting your mail system handling when you have a lot of domains, possibly handled by different groups of people. In an ideal world you would remember all of the domains that you accept mail for and get in touch with the people who handle their DNS to change everything, but in this world things can fall through the cracks. I suspect it's especially likely to happen for places that have enough domains that handling adding and removing them has been automated.

(It's been a while since the last installment; for various reasons I don't notice other people's DNS issues very often these days. I actually ran across a DNS issue in 2017 that I was going to post, but I ran into this issue and never finished the entry.)

Written on 01 August 2019.
« How mountd and exportfs handle NFS export permissions on Linux
Getting NetworkManager to probably verify TLS certificates for 802.1x networks »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Thu Aug 1 12:16:04 2019
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.