hu3 7 hours ago

This is why I never use these IANA-reserved domains like .test, .example, .invalid, .localhost.

I always make up some impossible domains like domain.tmptest

Otherwise you're one DNS "misconfiguration" away from sending dev logs and auth tokens to some random server.

> Since at least February 2020, Microsoft's Autodiscover service has incorrectly routed the IANA-reserved example.com to Sumitomo Electric Industries' mail servers at sei.co.jp, potentially sending test credentials there.

tialaramex 7 hours ago

It so happens that in this very specific case your obviously bad choice didn't make anything worse; that doesn't make it a good choice.

"Aha, the defective trucks only cause injuries to people who have their hands on the wheel at highway speeds, but I've never bothered holding the wheel at high speed, I just YOLO so I wouldn't be affected"

If people had used IANA's reserved TLDs they too would be unaffected because, although Windows will stupidly try to talk to, for example, autodiscover.example, that can't exist by policy and so the attempt will always fail.

dc396 5 hours ago

As others have pointed out, using 'tmptest' works until someone buys tmptest -- unlikely, but people will buy anything these days.

I always use the ISO-3166 "user-assigned" 2-letter codes (AA, QM-QZ, XA-XZ, ZZ), with the theory being that ISO-3166 Maintenance Agency getting international consensus to move those codes back to regular country codes will take longer than the heat death of the universe, so using them for internal domains is probably safe.

jsheard 7 hours ago

It's all fun and games until Donuts buys .tmptest for some reason.

Cthulhu_ 7 hours ago

Would that really make a difference in this case? It's a configuration error / bug in Microsoft's discovery server, they could have a fallback that goes "any unknown address, return this .jp address".

whizzter 7 hours ago

.example is probably far safer than example.com.

https://www.akamai.com/blog/security/autodiscovering-the-gre...

According to it, it seems that if someone registers autodiscover.com then example.com lacking autodiscover.example.com will make Outlook try checking if autodiscover.com has an entry.

It's just a braindead system.
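
An added example, not from the thread or from Akamai's post: it models the label-by-label Autodiscover back-off whizzter describes (example.com falling through to autodiscover.com) and applies the two safety arguments made above, tialaramex's reserved TLDs (RFC 2606 / RFC 6761) and dc396's ISO 3166 user-assigned codes, to audit a list of dev domains. The domain names in the sample input are constructed for illustration.

```python
import string

# TLDs reserved by RFC 2606 / RFC 6761: they cannot be delegated, so any
# autodiscover.<tld> lookup fails by policy (tialaramex's point).
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}

# ISO 3166-1 alpha-2 user-assigned codes as listed by dc396:
# AA, QM-QZ, XA-XZ, ZZ. They are never assigned as country-code TLDs.
USER_ASSIGNED = (
    {"aa", "zz"}
    | {"q" + c for c in "mnopqrstuvwxyz"}
    | {"x" + c for c in string.ascii_lowercase}
)


def autodiscover_candidates(domain):
    """Hostnames a client backing off one label at a time would try,
    from the full domain down to the bare TLD (autodiscover.<tld>)."""
    labels = domain.lower().strip(".").split(".")
    return ["autodiscover." + ".".join(labels[i:]) for i in range(len(labels))]


def classify(domain):
    """'reserved' and 'user-assigned' TLDs can never be registered by a third
    party; anything else ('registrable') bottoms out at a name someone could buy."""
    tld = domain.lower().strip(".").rsplit(".", 1)[-1]
    if tld in RESERVED_TLDS:
        return "reserved"
    if tld in USER_ASSIGNED:
        return "user-assigned"
    return "registrable"


def audit(domains):
    """Map each domain to its risk class and the last (apex) back-off hostname,
    i.e. the name that would have to be unregistrable for the domain to be safe."""
    return {d: (classify(d), autodiscover_candidates(d)[-1]) for d in domains}


if __name__ == "__main__":
    # Constructed sample: the three naming strategies argued about in the thread.
    for dom, (risk, apex) in audit(["example.com", "domain.tmptest", "app.example", "lab.qz"]).items():
        print(f"{dom:16} {risk:14} falls back to {apex}")
```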

larrik 6 hours ago

And then you fire off 100k emails, they all bounce, and your mail service shuts you off...

wongarsu 7 hours ago

brb, just filing paperwork to apply for the .tmptest gTLD /s

ThePowerOfFuet 7 hours ago

$100K

thequux 6 hours ago

$227k just to apply, and another few hundred thousand in legal, compliance, and contracting to reach delegation.

Source: I'm on the board of dotMeow and wrote the financial plan

lagniappe 7 hours ago

I suspect you'd download a car.