Verisign Wildcard DNS

Verisign breaks DNS protocol

Download update now This download is available to registered users with current Upgrade Protection. Click here to login to your account and access the update.

Verisign, the company which runs the .com and .net domains names, have introduced a 'service' whereby if you mistype a domain name, their search page is displayed.

Aside from the legal and privacy issues this raises, a side-effect of this action has been to break anti-spam software which checks to see if an incoming email is from a valid domain.

Mailtraq was one of the first mail servers to provide users with these checks, which can be used in conjunction with other Mailtraq features and sensible user behavior to minimise unwanted spam.

In response to Verisign's action Mailtraq announces the immediate availability of a build which restores the expected anti-spam functionality.

More information

Read more about Mailtraq, the anti-spam email server

The Mailtraq functionality affected can be found in the Mailtraq console under:

Options | Services | SMTP Service | Properties | Abuse tab

Verify Return-Path has valid MX or A record

If this is checked, Mailtraq will lookup the MX and A records of the domain specified in the FROM: statement (which is the message's Return-Path). If Mailtraq cannot resolve this name, it will refuse the message. This is both because it cannot discharge its responsibilities, and because the message has probably been sent as part of an attack or is SPAM.

The Verisign action means that where the DNS protocol mandates they should return an NXDOMAIN message when there isn't a valid domain, they are returning an IP address, currently, 64.94.110.11

Build 1450 and above of Mailtraq is aware of that IP address, and treats it as if an NXDOMAIN had been returned.

Following demands from the user community, and an ultimatum from the governing body, ICANN, Verisign have now reversed their changes. We will continue to monitor the situation and make further changes if required.