Security Basics mailing list archives
RE: email address "spoofed"
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 10 Mar 2004 08:22:21 -0800
A great many ISPs who hand out addresses via DHCP maintain a set of generic reverse-DNS entries for their scopes. On the one hand, this greatly diminishes the value of this lookup as an anti-spam measure; on the other hand, it avoids the particular problem you describe. A more effective measure employed by several ISPs is to block outbound SMTP at their borders, except for their own officially sanctioned email server(s). This cuts the propagation of viruses with their own SMTP engine, and use of spam-sending packages with their own, to virtually nil, and if they don't turn on the reverse check, they can probably (*safely*) avoid setting up reverse records for their DHCP scopes. If your ISP allows arbitrary port 25 traffic to the world, but won't set up reverse ranges on its DNS servers, maybe you should evaluate some of their competitors.... David Gillett
-----Original Message----- From: Aditya, ALD [Aditya Lalit Deshmukh] [mailto:aditya.deshmukh () online gateway technolabs net] Sent: Wednesday, March 10, 2004 2:02 AM To: gillettdavid () fhda edu; hometeam () goeaston net; 'security-basics' Subject: RE: email address "spoofed"Note that by now many SMTP servers reject mail unless theyget *some*answer on the reverse lookup; few spend much effortdetecting spoofedHELO names, which often are made-up IP addresses or the name of the receiving server (in hopes of bypassing any relay filters in place).this is the case of the server on which the openssl mailing list run, the server will try to reverse resolve the domain if it does not get it responce it simply reject all the mail. this is good at cutting spam. but there is a problem who get his address assigned on a dhcp lease that expires every 8 hours, of course all the forward dns records are updates as soon as this occurs but the reverse dns my isp refuses to set them up. so i have to use some very convuluted method to send mail to openssl mailing list. i think, the server should try to forward resolve the dns name that it recieves in helo and if it does not match then reject, because setting up the reverse is in the hands of whoever controls the dns server. many times this is not someone who would setup and update the reverse records -aditya ______________________________________________________________ __________ Delivered using the Free Personal Edition of Mailtraq
(www.mailtraq.com) --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- email address "spoofed" Tim Laureska (Mar 08)
- RE: email address "spoofed" David Gillett (Mar 08)
- RE: email address "spoofed" Aditya, ALD [Aditya Lalit Deshmukh] (Mar 10)
- RE: email address "spoofed" David Gillett (Mar 11)
- RE: email address "spoofed" Aditya, ALD [Aditya Lalit Deshmukh] (Mar 15)
- RE: email address "spoofed" David Gillett (Mar 15)
- RE: email address "spoofed" Aditya, ALD [Aditya Lalit Deshmukh] (Mar 10)
- RE: email address "spoofed" David Gillett (Mar 08)
- Re: email address "spoofed" Adrian Hall (Mar 11)
- <Possible follow-ups>
- RE: email address "spoofed" Chinnery, Paul (Mar 08)
- Re: email address "spoofed" Sean Earp (Mar 08)