Security Basics mailing list archives
RE: Final Words on "Educating RDNS violators" - Debunking the Myth's
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 9 Sep 2004 08:29:17 -0700
-----Original Message-----
From: LordInfidel [mailto:LordInfidel () directionweb com]

The answer is, while most ISPs will allow their customers to relay mail thru their servers, they will only allow mail from their (the ISP's) domain name space.
I have never encountered an ISP who imposed this restriction, which is neither easy to implement, nor necessary for the ends the ISP is trying to accomplish.

What the ISPs I've dealt with implement is blocking their non-static ADDRESS SPACE from sending out SMTP directly to outside destinations without relaying through the ISP's SMTP server. This is sufficient to block/prevent:

1. Email viruses/worms that contain their own SMTP engine.
2. Spam sources that contain their own SMTP engine.
3. Compromised/open relays.
4. Servers set up in violation of ToS.
5. Faked headers claiming that a spam/virus/etc originated in their non-static address space, since they can demonstrate that that's not possible.

All without looking at any domain information, either domain name space OR rDNS!

All that checking rDNS tells you is that the sender has valid rDNS information. It doesn't tell you anything about whether the source is or is not doing any of the above five things, especially if, as the ISP, you've set up basic rDNS for your address space (or at least your server) in order to routinely pass such checks implemented on destination servers.

Dave Gillett
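
Added example, not part of the original message: a minimal Python sketch of the address-space egress policy described above, run over constructed flow records to show that the decision uses only source and destination addresses and that a valid rDNS flag does not predict it. All addresses (documentation ranges), pool and relay definitions, and function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed values (documentation address ranges), not taken from the post.
DYNAMIC_POOLS = [ipaddress.ip_network("198.51.100.0/24")]  # ISP non-static customer space
ISP_RELAYS = {ipaddress.ip_address("192.0.2.25")}          # ISP's own SMTP server
SMTP_PORT = 25

def egress_decision(src, dst, dport):
    """Return 'allow' or 'block' from address space alone; no domain or rDNS lookup."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dport != SMTP_PORT:
        return "allow"
    if not any(src in net for net in DYNAMIC_POOLS):
        return "allow"  # static/server space is outside this policy
    return "allow" if dst in ISP_RELAYS else "block"

# Constructed flow records: (src, dst, dport, source_has_valid_rdns)
SAMPLE_FLOWS = [
    ("198.51.100.10", "192.0.2.25", 25, True),     # customer relaying via the ISP server
    ("198.51.100.77", "203.0.113.5", 25, True),    # direct SMTP from dynamic space
    ("198.51.100.77", "203.0.113.9", 25, True),    # same host, second outside destination
    ("198.51.100.12", "203.0.113.5", 443, False),  # not SMTP
    ("192.0.2.40", "203.0.113.5", 25, True),       # server in static space
]

def blocked_sources(flows):
    """Count blocked direct-SMTP attempts per source, e.g. for customer follow-up."""
    hits = Counter()
    for src, dst, dport, _rdns in flows:
        if egress_decision(src, dst, dport) == "block":
            hits[src] += 1
    return dict(hits)

def blocked_with_valid_rdns(flows):
    """Flows the egress policy stops even though the source passes an rDNS check."""
    return [(s, d) for s, d, p, rdns in flows
            if rdns and egress_decision(s, d, p) == "block"]

if __name__ == "__main__":
    print(blocked_sources(SAMPLE_FLOWS))
    print(blocked_with_valid_rdns(SAMPLE_FLOWS))
```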