Security Basics mailing list archives
Re: educating rDNS violators
From: SMiller () unimin com
Date: Wed, 25 Aug 2004 17:09:52 -0400
First, I am grateful for all of the answers received, so please do not misinterpret the following. I will let this stand for the group of responses that might well be summarized by the expression "tough ti11y said the kitty, but the milk's still sweet." I don't know how much of those respondents' critical business communications are conducted by email, but for my employer it has become very high. We also serve a customer base and are in turn served by a vendor base that is technologically typically trailing edge, and composed of concerns that are highly unlikely to understand the need or method for publishing reverse DNS mappings. Has it been forgotten that this service (email) serves a utilitarian business purpose? That a vitally important contract, or bid, or quote opportunity could be irrevocably lost as the result of denying email delivery from legitimate business partners? It isn't inconceivable that several hundred thousand USD in revenue could swing on an undelivered email or five. All those here who would like to admit responsibility and disclaim "But I was blocking spam", when your CEO asks IT how such a thing could possibly have happened, raise your hands. There is another old saw, "throwing the baby out with the bath water". To me, it seems that an inflexible implementation of reverse dns validation of email at this time runs the risk of accomplishing just that. YMMV. Scott James Kelly <jim@essistants.c om> To JGrimshaw () ASAP com 08/24/2004 10:31 cc PM security-basics () securityfocus com Fax to Subject Re: educating rDNS violators -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This may then force customers to switch providers to one who properly sets up their service. Jim JGrimshaw () ASAP com wrote: | With that in mind, with many customers using large ISPs for their public | DNS service, a updating the bounce back message might not resolve | anything, as the emailing site may not be in the authority to make the | changes you have requested, and the large ISP may not have the | wherewithall to implement such policies. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBK/nv3IzKSZsd6+oRAt52AKDBkO/xBF/TtPxMhpbxsPBVJKsYSgCfZNlJ xXvyx3fgsswII+fYXL+Adws= =5KM+ -----END PGP SIGNATURE----- --------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ----------------------------------------------------------------------------
Current thread:
- Re: educating rDNS violators, (continued)
- Re: educating rDNS violators Derek Schaible (Aug 25)
- Message not available
- Re: educating rDNS violators Derek Schaible (Aug 25)
- RE: educating rDNS violators David Gillett (Aug 26)
- Re: educating rDNS violators token (Aug 26)
- RE: educating rDNS violators David Gillett (Aug 30)
- Re: educating rDNS violators Derek Schaible (Aug 25)
- Re: educating rDNS violators Niek (Aug 26)
- Re: educating rDNS violators Derek Schaible (Aug 30)
- Re: educating rDNS violators James Kelly (Aug 25)
- Re: educating rDNS violators Bryan S. Sampsel (Aug 25)
- Re: educating rDNS violators SMiller (Aug 26)
- Re: educating rDNS violators Derek Schaible (Aug 25)
- Re: educating rDNS violators Mark Reis (Aug 28)
- Re: educating rDNS violators Derek Schaible (Aug 30)
- Re: educating rDNS violators Bryan S. Sampsel (Aug 30)