
Verisign wildcard RRs



I clearly support the ALAC's request to stop Verisign's misuse of the com and net zones as soon as possible.

First of all, these wildcard records cause serious technical problems. MTAs, for instance, cannot verify the validity of specific FQDNs by consulting the DNS, resulting in numerous restrictions such as:

1. Outbound mail relays can no longer reject a message during the SMTP connection based on the validity of the recipient's domain. Instead, each message containing a typing error in its recipient address causes a delivery attempt to Verisign's fake MTA followed by an error message returned to the sender.

2. Inbound mail servers can no longer treat messages containing forged (and inexistent) sender domains as spam, thus allowing spammers to use random domains, e.g. to avoid legal problems that might arise when abusing existing domains.

HTTP spiders used to identify broken links in HTML documents are no longer able to detect domain names that have become invalid.

Furthermore, Verisign's wildcard records violate the concept of multiple competing registrars offering .com and .net registration services. As one of many registrars, Verisign should not be allowed to use privileged access to the com and net zones for marketing purposes.

Ole Pahl
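
The domain validity check that items 1 and 2 refer to can still be approximated when a zone contains a wildcard, by comparing a name's answer with the answers for random labels in the same zone. The Python below is an added example, not part of the original message; the `resolve` callable, the zone data and the documentation-range addresses are constructed assumptions, and only address records are compared.

```python
import secrets

def wildcard_addresses(tld, resolve, probes=3):
    """Return the addresses shared by every random probe label under `tld`.

    `resolve(name)` is a hypothetical callable returning a set of address
    strings, or an empty set for NXDOMAIN. Random 20-hex-character labels
    are assumed not to be registered.
    """
    common = None
    for _ in range(probes):
        answer = set(resolve(f"{secrets.token_hex(10)}.{tld}"))
        if not answer:
            return set()  # a probe got NXDOMAIN: no wildcard in this zone
        common = answer if common is None else common & answer
    return common or set()

def domain_exists(domain, resolve):
    """True if `domain` resolves to something other than the wildcard answer."""
    answer = set(resolve(domain))
    if not answer:
        return False  # plain NXDOMAIN, the pre-wildcard behaviour
    tld = domain.rsplit(".", 1)[-1]
    # An answer made up only of wildcard addresses is treated as nonexistent.
    return not answer <= wildcard_addresses(tld, resolve)

# Constructed zone data (documentation-range addresses, not real records).
WILDCARD = {"192.0.2.1"}
REGISTERED = {"example.com": {"198.51.100.7"}, "example.org": {"198.51.100.8"}}

def fake_resolve(name):
    """Stand-in resolver: com and net carry a wildcard, other zones do not."""
    name = name.lower().rstrip(".")
    if name in REGISTERED:
        return REGISTERED[name]
    if name.endswith((".com", ".net")):
        return WILDCARD  # wildcard record answers for every unknown label
    return set()  # ordinary NXDOMAIN

def check(domains):
    """Map each domain to the verdict an MTA or link checker would act on."""
    return {d: domain_exists(d, fake_resolve) for d in domains}

if __name__ == "__main__":
    for name, ok in check(["example.com", "exmaple.com", "exmaple.org"]).items():
        print(f"{name}: {'exists' if ok else 'does not exist'}")
```

A domain that is legitimately hosted on the same address as the wildcard target would be misclassified, so the result suits scoring or logging better than a hard reject.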