blacklisting replies, was: Proper CNAME interpretation

Thu Sep 15 23:32:17 UTC 2011

In message <39634800-7E01-4878-B1A1-CF384C8A690F at mac.com>, 
Chuck Swiger <cswiger at mac.com> wrote:

>On Sep 14, 2011, at 5:09 PM, Ronald F. Guilmette wrote:
>> In message <CF550BD6-BA85-4CB3-8B03-E4E1B0829A1D at mac.com>, you wrote:
>>> Sigh: your mail server is blacklisting email from mac.com.
>> 
>> Yes.  Sorry about that.  Too much spam from there and no indication
>> that anybody there gives a damn that that they gush spam.  (If you
>> find anybody who does care, please le me know via the contact form on
>> my web site.)
>
>Being an RFC-2142 contact for a large domain is a never-ending, often thankles
>s labor worthy of Sisyphus. [1]

I have a thought on that which I'd like to share, below.

>This mailing list seems to be using GNU Mailman, which generally will try to a
>void sending an extra copy of list traffic if it notices that a recipient is a
>lso To: or CC:ed directly.

Too clever by half.

>nslookup has been deprecated for some time, because it isn't a particularly go
>od tool for diagnosing DNS issues.  dig is much better.

OK.  Thanks.  I didn't know that.

>> Also very puzzling is what I get when I just do:
>> 
>>    dig graphiteops.com a @127.0.0.1
>> 
>> In this case I only get back the CNAME record, and the A record doesn't even
>> appear in the dig output !?!?!  So what's up with that???
>
>I don't see that here; asking for an A record against a local nameserver gives
> me an A record back:

Hummm... well.. ya know, I haven't upgraded in some time, so I'm gonna chalk
this one up to my own laziness.

>> P.S.  Curiously, I am getting the exact same odd results out of dig, even
>> when I force it to directly query one of the authoritative servers for the
>> graphiteops.com domain.  So, for example:
>> 
>>   dig graphiteops.com a @pdns1.ultradns.net
>> 
>> only shows me the CNAME... no A record!  Whereas:
>
>You're getting strange results back from pdns1.ultradns.net; it's not dig, it'
>s what they return.

Ah!  OK.  So I'm not crazy after all!  (Well, maybe we had better not jmp
to any conclusion until all the facts are in.)

>> But it is doing the exact opposite of that... sending me back just the CNAME
> and keeping the `A' to itself.
>
>Yeah.  I don't know what DNS software ultradns.net are running, but it's not h
>andling this error case correctly.

OK.  Thanks.  I feel better already... I think.

At least I know now that the goofyiness is not all on my end of the wire.

>[1]: Yes, I know at least some of the folks who handle IS&T communication serv
>ices like email-- including postmaster@ and abuse at -- for various Apple domains

Unfortunately so do I, and at least one of them thinks that running mailing
lists with no new subscriber confirmation step is just peachy.  I disagree.

>So it's not a matter of finding them; yes, they care;

"Care" is a relative term.

The admins or the management at mac.com apparently don't care enough to
implement the kind of outbound per-account rate limiting that would
prevent me from ever seeing spam from one of their spammer customers.

I also "care" about people being murdered on a daily basis in Darfur.
I just don't spend a lot of my day doing anything about it.... kinda
like the admins @ mac.com and outbound spam.