[dns-operations] email address in SOA

Mike Hoskins (michoski) michoski at cisco.com
Mon Dec 10 15:56:57 UTC 2012

-----Original Message-----

From: Chris Thompson <cet1 at cam.ac.uk>
Reply-To: "cet1 at cam.ac.uk" <cet1 at cam.ac.uk>
Date: Monday, December 10, 2012 9:40 AM
To: Joe Abley <jabley at hopcount.ca>
Cc: DNS Operations List <dns-operations at mail.dns-oarc.net>
Subject: Re: [dns-operations] email address in SOA

>On Dec 6 2012, Joe Abley wrote, in re the SOA.rname field:
>>It's used for
>>(a) legitimate operational communication with a zone maintainer, and
>>(b) source data for people harvesting addresses in order to send spam.
>>Since the e-mail resulting from (b) greatly outnumbers the e-mail
>>from (a), it's a reasonable assumption on the part of an (a) sender that
>>in most cases the address won't be useful. Correspondingly, it's a
>>assumption on the part of most zone maintainers that the address doesn't
>>matter, unless you're in the business of collecting spam (or have a
>>effective way to sift through the spam to find the legitimate mail).
>>But perhaps I'm being over-cynical.
>I think you are being over-cynical. Spam is a fact of Internet life,
>one advertises contact addresses, and I don't actually see much evidence
>spammers collect SOA.rname values rather than picking things out of web
>mailing list archives, etc.
>Our main hostmaster address, in the SOA.rname of e.g. "cam.ac.uk" gets
>of spam, but not much more than an alias which was almost certainly picked
>up from web pages, while an SOA.rname for several other zones[*], which
>probably appears in no unrestricted web pages, gets almost none.
>[*] No, of course I'm not going to say which they are here... :-)

We list different contact info in our WHOIS and SOA fields, and I haven't
gotten any spam to our SOA address since working here.  Not a huge
exposure, but that includes ~30 customer-facing domains that are widely
known.  Other places I got a fair amount, but someone else set that up and
used the WHOIS contact for everything.

Either way, if you're going to run domains I think you should deal with
spam (filter it) and be responsive to the address listed in the
SOA...common courtesy.  At least, I know I some times reach out to that
address or WHOIS contacts when I see something suspicious and can't figure
out where else to turn.

IMCO if the spammers make us abandon legitimate contact mechanisms,
they've already won...much like terrorists who make it impossible to get
on airplanes.  :-)

More information about the dns-operations mailing list