Verisign wildcard RRs
- To: forum@xxxxxxxxxxxxxx
- Subject: Verisign wildcard RRs
- From: Ole Pahl <op@xxxxxxxx>
- Date: Thu, 18 Sep 2003 16:01:47 +0200
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5b) Gecko/20030901 Thunderbird/0.2
I clearly support the ALAC's request to stop Verisign's misuse of the
com and net zones as soon as possible.

First of all, these wildcard records cause serious technical problems.
MTAs, for instance, cannot verify the validity of specific FQDNs by
consulting the DNS, resulting in numerous restrictions such as:

1. Outbound mail relays can no longer reject a message during the SMTP
connection based on the validity of the recipient's domain. Instead,
each message containing a typing error in its recipient address causes a
delivery attempt to Verisign's fake MTA followed by an error message
returned to the sender.

2. Inbound mail servers can no longer treat messages containing forged
(and inexistent) sender domains as spam, thus allowing spammers to use
random domains, e.g. to avoid legal problems that might arise when
abusing existing domains.

HTTP spiders used to identify broken links in HTML documents are no
longer able to detect domain names that have become invalid.

Furthermore, Verisign's wildcard records violate the concept of multiple
competing registrars offering .com and .net registration services. As
one of many registrars, Verisign should not be allowed to use privileged
access to the com and net zones for marketing purposes.

Ole Pahl
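
Added example, not part of the original message: a sketch of how a mail server's domain check can stay meaningful when a parent zone answers every name, by probing random labels and treating an answer identical to the synthesized one as nonexistent. The `resolve` callback, the stub resolvers and all addresses are assumptions constructed for illustration (documentation ranges, not real records).

```python
import secrets

def wildcard_answer(zone, resolve, probes=3):
    """Addresses a zone synthesizes for names that cannot exist, else None."""
    seen = set()
    for _ in range(probes):
        # 32 random hex characters: a label nobody has registered.
        addrs = resolve(f"{secrets.token_hex(16)}.{zone}")
        if addrs is None:          # NXDOMAIN: the zone has no wildcard
            return None
        seen.add(frozenset(addrs))
    # Trust the result only if every probe got the same synthesized answer.
    return seen.pop() if len(seen) == 1 else None

def domain_exists(domain, resolve):
    """Domain check for an MTA that stays meaningful under a wildcard."""
    addrs = resolve(domain)
    if addrs is None:
        return False               # NXDOMAIN, the pre-wildcard case
    parent = domain.partition(".")[2]
    if not parent:
        return True                # single label: nothing to probe
    # An answer identical to the parent's wildcard answer is synthesized.
    return frozenset(addrs) != wildcard_answer(parent, resolve)

# Constructed data: documentation addresses, not real records.
WILDCARD = {"192.0.2.1"}
REGISTERED = {"example.com": {"198.51.100.25"}}

def resolver_with_wildcard(name):
    """Stub: com and net answer every unregistered name with WILDCARD."""
    if name in REGISTERED:
        return REGISTERED[name]
    return WILDCARD if name.endswith((".com", ".net")) else None

def resolver_without_wildcard(name):
    """Stub: unregistered names get NXDOMAIN (None)."""
    return REGISTERED.get(name)

if __name__ == "__main__":
    for d in ("example.com", "exmaple.com"):
        print(d, domain_exists(d, resolver_with_wildcard))
```

A registered domain that deliberately points at the same address as the wildcard would be misclassified by this comparison, so the result is a heuristic rather than an authoritative answer.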