Security Basics mailing list archives

RE: email address "spoofed"


From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 10 Mar 2004 08:22:21 -0800

  A great many ISPs who hand out addresses via DHCP maintain a
set of generic reverse-DNS entries for their scopes.  On the one
hand, this greatly diminishes the value of this lookup as an
anti-spam measure; on the other hand, it avoids the particular
problem you describe.
  A more effective measure employed by several ISPs is to block
outbound SMTP at their borders, except for their own officially
sanctioned email server(s).  This cuts the propagation of viruses
with their own SMTP engine, and use of spam-sending packages with
their own, to virtually nil, and if they don't turn on the reverse
check, they can probably (*safely*) avoid setting up reverse 
records for their DHCP scopes.
  If your ISP allows arbitrary port 25 traffic to the world, but 
won't set up reverse ranges on its DNS servers, maybe you should
evaluate some of their competitors....

David Gillett


-----Original Message-----
From: Aditya, ALD [Aditya Lalit Deshmukh]
[mailto:aditya.deshmukh () online gateway technolabs net]
Sent: Wednesday, March 10, 2004 2:02 AM
To: gillettdavid () fhda edu; hometeam () goeaston net; 'security-basics'
Subject: RE: email address "spoofed"


Note that by now many SMTP servers reject mail unless they get *some*
answer on the reverse lookup; few spend much effort detecting spoofed
HELO names, which often are made-up IP addresses or the name of the
receiving server (in hopes of bypassing any relay filters in place).


This is the case with the server on which the openssl mailing
list runs: the server will try to reverse-resolve the domain, and
if it does not get a response it simply rejects all the mail.
This is good at cutting spam, but there is a problem for whoever
gets his address assigned on a DHCP lease that expires every 8
hours. Of course all the forward DNS records are updated as
soon as this occurs, but the reverse DNS my ISP refuses to set
up. So I have to use some very convoluted method to send
mail to the openssl mailing list.

I think the server should try to forward-resolve the DNS
name that it receives in HELO and, if it does not match,
reject, because setting up the reverse is in the hands of
whoever controls the DNS server. Many times this is not
someone who would set up and update the reverse records.

-aditya


________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
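The checks argued over in this thread, as an added example that is not part of the thread and not code from the openssl list server or any ISP mentioned. It models three policies side by side: the "any PTR answer at all" check the openssl list server is described as using, Aditya's proposal of forward-resolving the HELO name and comparing it to the connecting address, and forward-confirmed reverse DNS (PTR name must resolve back to the same address), which nobody in the thread raises and is added here for comparison. It runs against a constructed in-memory DNS table of documentation-range addresses and example domains (assumed, not real hosts) so it works offline; a real server would replace `forward_lookup` and `reverse_lookup` with resolver queries.

```python
from __future__ import annotations

import ipaddress

# Constructed DNS data for the example (documentation-range addresses and
# example domains, not real hosts). A real server would query a resolver.
FORWARD: dict[str, set[str]] = {
    "mail.example.net": {"192.0.2.10"},
    "host-42.dhcp.isp.example": {"203.0.113.42"},
    "laptop.example.org": {"198.51.100.7"},
}
REVERSE: dict[str, set[str]] = {
    "192.0.2.10": {"mail.example.net"},
    # Generic ISP reverse entry of the kind David describes: it exists, but
    # the name does not forward-resolve back to the address.
    "203.0.113.42": {"42.113.0.203.generic.isp.example"},
    # 198.51.100.7 deliberately has no PTR record at all (Aditya's situation).
}


def forward_lookup(name: str) -> set[str]:
    """Stand-in for an A-record query (hypothetical resolver)."""
    return FORWARD.get(name.lower().rstrip("."), set())


def reverse_lookup(ip: str) -> set[str]:
    """Stand-in for a PTR query (hypothetical resolver)."""
    return REVERSE.get(ip, set())


def has_reverse_record(ip: str) -> bool:
    """The check the openssl list server is described as using: any PTR answer."""
    return bool(reverse_lookup(ip))


def helo_matches_ip(helo: str, ip: str) -> bool:
    """Aditya's proposal: forward-resolve the HELO name and require the
    connecting address among its answers. An RFC 5321 address literal such
    as [198.51.100.7] is compared to the peer address directly."""
    if helo.startswith("[") and helo.endswith("]"):
        try:
            return ipaddress.ip_address(helo[1:-1]) == ipaddress.ip_address(ip)
        except ValueError:
            return False  # malformed literal: treat as a failed check
    return ip in forward_lookup(helo)


def forward_confirmed_rdns(ip: str) -> bool:
    """Forward-confirmed reverse DNS (not raised in the thread; added here):
    some PTR name must itself resolve back to the connecting address, which
    is what separates a real hostname from a generic ISP placeholder."""
    return any(ip in forward_lookup(name) for name in reverse_lookup(ip))


def classify(ip: str, helo: str) -> dict[str, object]:
    """Evaluate one SMTP peer under each policy and return the individual
    check results together with each policy's verdict."""
    ptr = has_reverse_record(ip)
    helo_ok = helo_matches_ip(helo, ip)
    fcrdns = forward_confirmed_rdns(ip)
    return {
        "ptr_exists": ptr,
        "helo_forward_ok": helo_ok,
        "fcrdns": fcrdns,
        "ptr_only_policy": "accept" if ptr else "reject",
        "helo_forward_policy": "accept" if helo_ok else "reject",
        "fcrdns_policy": "accept" if fcrdns else "reject",
    }


if __name__ == "__main__":
    for peer_ip, helo_name in [
        ("192.0.2.10", "mail.example.net"),            # proper mail server
        ("203.0.113.42", "host-42.dhcp.isp.example"),  # generic ISP PTR only
        ("198.51.100.7", "laptop.example.org"),        # no PTR, truthful HELO
        ("198.51.100.7", "mail.example.net"),          # HELO names someone else
    ]:
        print(peer_ip, helo_name, classify(peer_ip, helo_name))
```

Running it shows the trade-off both posters describe: the host with only a generic ISP PTR passes the PTR-only policy (David's point that generic reverse entries weaken the check), the host with no PTR at all is rejected by it even though its HELO forward-resolves correctly (Aditya's complaint), and a HELO that names a different mail server fails the forward check. The caveat a mail admin should keep in mind is that passing the HELO forward check proves only that whoever controls forward DNS for that name pointed it at the connecting address, so on its own it is weaker than forward-confirmed reverse DNS, which needs the ISP's cooperation on the PTR side.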



