

Probable Cache Poisoning of Mail Handling Domains - jgrahamc
https://www.cert.org/blogs/certcc/post.cfm?EntryID=206

======
danyork
There is a longer discussion of this post in another HN submission:
[https://news.ycombinator.com/item?id=8304756](https://news.ycombinator.com/item?id=8304756)

------
danyork
Good to see someone documenting a situation where DNSSEC would help if: 1) the
mail servers were performing DNSSEC validation (as postfix now does); and 2)
the DNS zones were signed that included the MX records.

