Setting my MX TTL higher to avoid hackers?


#1

Hey,

So I read this article: http://www.gizmodo.com.au/2014/01/how-i-lost-my-50000-twitter-username/ and it has got me a little paranoid.

I’d like to raise my MX TTL on DreamHost to avoid my email or domain being hijacked in a similar manner. I just had a little dig around the control panel but nothing jumped out.

What to do?


#2

The short answer is: DreamHost customers have no control over TTL for any record type.

Good link, though!

Also, the MX TTL is 4 hours at DreamHost, if you wondered.


#3

Setting the MX TTL higher is unlikely to help in a situation like this. The TTL on a DNS record is just the maximum time that another DNS server may continue using it before checking back for an update — it only applies to servers that have previously looked up that record, and it does not require that the record actually be kept around for that amount of time. In situations like the one described, where the remote mail server may only be communicating with your domain occasionally, there is no guarantee that the old DNS record will even be in their cache at all, nor that it will actually persist as long as you request (particularly if it’s infrequently used!).

We strongly recommend that DreamHost customers enable multifactor authentication to prevent account hijacking. It protects against a much wider range of attacks than this, and is very easy to set up.
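The caching behaviour #3 describes, as an added simulation that is not part of this thread or of DreamHost's software; the 24-hour resolver cap, the hijack time and the record names are assumptions:

```python
"""Why a long MX TTL does not keep mail flowing to the old server.

Constructed simulation: times are hours, and the caching resolver caps
stored TTLs at `max_ttl_hours` (real resolvers commonly cap; 24h assumed).
"""
from dataclasses import dataclass, field

LEGIT_MX = "mx.legit.example"        # constructed record values
HIJACKED_MX = "mx.attacker.example"


@dataclass
class Zone:
    """Authoritative data: what the domain's DNS host currently serves."""
    mx: str
    ttl_hours: float
    hijack_hour: float               # hour at which the MX record is replaced

    def answer(self, now: float) -> tuple:
        current = HIJACKED_MX if now >= self.hijack_hour else self.mx
        return current, self.ttl_hours


@dataclass
class CachingResolver:
    """A sender's recursive resolver: remembers only names it already asked for."""
    max_ttl_hours: float = 24.0
    cache: dict = field(default_factory=dict)

    def resolve_mx(self, zone: Zone, name: str, now: float) -> str:
        hit = self.cache.get(name)
        if hit and hit[1] > now:     # still inside the cached lifetime
            return hit[0]
        value, ttl = zone.answer(now)
        self.cache[name] = (value, now + min(ttl, self.max_ttl_hours))
        return value


def deliveries(zone: Zone, lookup_hours: list) -> list:
    """MX one sender sees at each lookup time; a fresh resolver per sender."""
    resolver = CachingResolver()
    return [resolver.resolve_mx(zone, "victim.example", h) for h in lookup_hours]


if __name__ == "__main__":
    for ttl in (4, 1000):            # DreamHost's 4h vs. a very long TTL
        zone = Zone(mx=LEGIT_MX, ttl_hours=ttl, hijack_hour=1)
        print(f"TTL {ttl}h, regular correspondent:", deliveries(zone, [0, 2, 10, 30]))
        # A service that first mails you after the hijack has nothing cached.
        print(f"TTL {ttl}h, first-time sender:     ", deliveries(zone, [3]))
```

Whatever the TTL, a sender whose resolver never cached the record before the change gets the attacker's MX on its first lookup; the longer TTL only delays the switch for correspondents who already had it cached.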


#4

I realize the following suggestion goes beyond what most service providers will provide any time soon, but one of the ways the state of the art improves is by customers continually raising the bar in what they ask for.

Multi-factor authentication is too annoying for ordinary use. I would like to set up my account so that I can get in to it with a regular login+password for routine activities, but have critical activities such as changing the account credentials protected by multi-factor authentication.


#5

I don’t find DreamHost’s implementation too annoying for use personally. On my personal laptop I change the dropdown at login to “1 month”, then when using my laptop I don’t have to provide the multi-factor code again for a month… but I do have to log in again with user and pass anytime my laptop has gone to sleep. If I log in from a different computer, multi-factor will be required.


#6

Thanks for the replies, all. TTL is certainly a new concept to me, and I’m happy to take advice on its usefulness.

I use two factor wherever I can, but I must have missed it here. Turning it on now, even without a single character twitter handle to my name!