Security Incidents mailing list archives

Re: Massive SPAM Increase {-2.6} {-2.6}


From: Steve Friedl <steve () unixwiz net>
Date: Mon, 16 Oct 2006 18:26:42 -0700

On Mon, Oct 16, 2006 at 02:29:56AM -0400, Paul Schmehl wrote:
> Send me an email at geek () stovebolt com, and I'll tell you.
>
> I'm not sure what you mean by "split inbound and outbound", but any
> outbound MX host *should* be listed in DNS.  You only list one -
> smtp.vt.edu.  192.82.162.213 is reversible, so it would get points for
> being honest about its IP/hostname, but it would lose points for not being
> listed in DNS as an MX.  The overall score would determine if the mail was
> rejected, but I doubt that it would be.

Huh?

MX records are only used to describe machines that are able to receive
mail for the given domain: many many sites have farms of mail servers
that do nothing but send mail all day (Example: eBay and all the outbid
notifications you get). There is no requirement that they also receive
mail, and you should never list in MX a machine that won't accept mail.

This whole notion is just totally confused.

Now the question you *want* to ask is a useful one: "is this server
authorized to send mail on behalf of the sender?", but MX is not the
way to answer that question.

SPF is how to answer that question.  http://www.openspf.org/

Steve

--- 
Stephen J Friedl | Security Consultant |  UNIX Wizard  |   +1 714 544-6561
www.unixwiz.net  | Tustin, Calif. USA  | Microsoft MVP | steve () unixwiz net
