MoinQ:

Contents

  1. whois
  2. history

Dangling DNS MX http://dnsinstitute.com/research/dangling-mx/

Dangling MX Targets for Resell https://dnsinstitute.com/research/dangling-mx/dangling-mx-resell.html

1. whois

 PDF screenshot

This paper shares examples of a novel approach to finding Dangling DNS targets where, due to typos or lack of tracking, DNS MX records may point to domains that are available for third-party purchase and potentially be abused for impersonation, social engineering attacks, and private information theft with partial (like collect some messages) or complete (for two-way communications) email take over.

http://dnsinstitute.com/research/dangling-mx/dangling-mx-nxdomain-provider-domains.html

IP addresses in mail

https://cr.yp.to/im/ip.html

2. history

Bracketed IP addresses

Numeric MX records
  Many clients, notably sendmail, support IP addresses in MX records:
     clueless.net. IN MX 0 192.160.127.125.

agi.com.                60      IN      MX      450 agi-com.mail.protection.office365.us.
agi.com.                60      IN      MX      460 65.89.176.39.
agi.com.                60      IN      MX      480 extnpamr00.agi.com.
agi.com.                60      IN      MX      500 mail.stk.com.

fluistr.com.            14400   IN      MX      20 174.138.10.9.

flickreel.com.          3600    IN      MX      1 213.171.216.40.

floridasmart.com.       300     IN      MX      1 68.66.224.58.

foo.com.                600     IN      MX      1000 0.0.0.0.





Some clients will skip this MX record, since the name 192.160.127.125 does not exist in DNS. 
Sites that set up numeric MX records end up losing mail. 
However, there are thousands of numeric MX records, so I strongly encourage clients to support them. 


CategoryDns CategoryWatch CategoryTemplate

MoinQ: DNS/MX (last edited 2024-01-23 13:01:56 by ToshinoriMaeno)