Security Basics mailing list archives
Re: educating rDNS violators
From: Derek Schaible <dschaible () cssiinc com>
Date: Wed, 25 Aug 2004 07:08:17 -0400
On Mon, 2004-08-23 at 15:17, token wrote:
> However, I'm not sure exactly how this is supposed to stop spam. Most implementations I've seen just check to see if a reverse DNS entry exists. You can put anything you want in there. Only the implementations that check that a reverse DNS record exists and then check that the forward resolves to the same IP seem to do any good.

The way this helps spam reduction is that the vast majority of spam comes from exploited machines running rogue MTAs or some script kiddie on their DSL or cable modem. Such hosts will typically not have a valid rDNS entry. Additionally, if a company is sending legitimate email they will have no issues with you verifying their hosts in this manner.

Many spam attempts will spoof a name of an smtp server that most people will allow. Adding rDNS stops this action. Mail servers should have correct DNS info. Forward and reverse. It is the sysadmin's responsibility to ensure that their systems are configured properly. Period.

Of course, there are some companies with correctly configured DNS who are spam friendly and this tactic will not block them. However, those companies are few in comparison to the hacked/violated/kiddie machines that will not have correct DNS info. These spam-friendly systems with correct DNS info are trivial to black list.

Hope this helps, too!

--
Derek Schaible <dschaible () cssiinc com>
CSSI, Inc.
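
The two checks contrasted in this exchange (a PTR record merely exists, versus the PTR name resolving forward to the connecting IP), as an added example that is not part of the original message. The function names, the documentation-range addresses and the `example.org` records are constructed for illustration, and the resolvers are injectable so the sample runs offline.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:          # herror/gaierror: no PTR or lookup failure
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA addresses for name from the system resolver."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return [info[4][0] for info in infos]

def check_client(ip, ptr=system_ptr, forward=system_forward):
    """Classify a connecting IP as 'no-rdns', 'rdns-unconfirmed' or 'fcrdns-ok'."""
    addr = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return "no-rdns", None
    for name in names:
        for candidate in forward(name):
            try:
                if ipaddress.ip_address(candidate) == addr:
                    return "fcrdns-ok", name      # forward lookup confirms the PTR
            except ValueError:                    # e.g. scoped IPv6 literal
                continue
    # A PTR exists, but whoever controls the reverse zone can put any name there.
    return "rdns-unconfirmed", names[0]

# Constructed sample data, not real DNS records.
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.org."],
    "198.51.100.7": ["mail.example.org."],   # PTR claims a name it does not own
}
SAMPLE_A = {"mail.example.org": ["192.0.2.10"]}

def demo():
    ptr = lambda ip: SAMPLE_PTR.get(ip, [])
    fwd = lambda name: SAMPLE_A.get(name, [])
    return {ip: check_client(ip, ptr, fwd)[0]
            for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.50")}

if __name__ == "__main__":
    print(demo())
```

An "rDNS exists" policy would accept both of the first two sample hosts; only the forward-confirmed check separates them.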