Educause Security Discussion mailing list archives
Re: Reverse DNS
From: Jesse Thompson <jesse.thompson () DOIT WISC EDU>
Date: Wed, 21 Jan 2009 07:59:45 -0600
I agree with what Valdis said. Our anti-spam software (Sophos PureMessage) has rules that do these checks. It has rules that determine if the IP is on a consumer network, etc. I'll leave it to the vendor to determine how significant these checks can be to determine a spam rating. It is what we pay them to do, and they are doing a good job. Additionally, we use an open source application called gross (http://code.google.com/p/gross/), which is a hybrid greylisting/blacklisting server that is responsible for reducing our spam volumes by 80%. Reverse DNS checks are on the TODO list for this project. Gross would use the reverse DNS checks to determine whether to greylist (or blacklist depending on the weighting) messages from that IP. I think that sophisticated reverse DNS checks, such as the ones that our vendor use, have been very effective at detecting botnet spam. I infer that this is why the spammers are escalating the spam war to using compromised accounts on trustworthy email services. Jesse UW Madison Daniel Bennett wrote:
I am wondering if any institutions have enabled reverse DNS on their incoming emails to help block spam? If you use it, how many legitimate emails are blocked? If you don't use it, what other measures do you employ to help reduce the amount of spam that makes it through your spam filter? Thanks, Daniel Bennett IT Security Analyst Security+ PA College of Technology One College Ave Williamsport PA 17701 (P) 570.329.4989
-- Jesse Thompson Division of Information Technology, University of Wisconsin-Madison Email/IM: jesse.thompson () doit wisc edu
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Reverse DNS Daniel Bennett (Jan 20)
- <Possible follow-ups>
- Re: Reverse DNS Valdis Kletnieks (Jan 20)
- Re: Reverse DNS David Gillett (Jan 20)
- Re: Reverse DNS Jesse Thompson (Jan 21)
- Re: Reverse DNS Dexter Caldwell (Jan 21)