Security Basics mailing list archives

RE: Final Words on "Educating RDNS violators" - Debunking the Myth's


From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 9 Sep 2004 08:29:17 -0700

-----Original Message-----
From: LordInfidel [mailto:LordInfidel () directionweb com]

The answer is, while most ISPs will allow their customers to 
relay mail thru their servers, they will only allow mail from 
their (the isps) domain name space.

  I have never encountered an ISP who imposed this restriction,
which is neither easy to implement, nor necessary for the ends
the ISP is trying to accomplish.

  What the ISPs I've dealt with implement is blocking their non-
static ADDRESS SPACE from sending out SMTP directly to outside
destinations without relaying through the ISP's SMTP server.
This is sufficient to block/prevent:

1.  Email viruses/worms that contain their own SMTP engine.

2.  Spam sources that contain their own SMTP engine.

3.  Compromised/open relays.

4.  Servers set up in violation of ToS.

5.  Faked headers claiming that a spam/virus/etc originated in 
    their non-static address space, since they can demonstrate
    that that's not possible.

  All without looking at any domain information, either domain
name space OR rDNS!


  All that checking rDNS tells you is that the sender has valid
rDNS information.  It doesn't tell you anything about whether
the source is or is not doing any of the above five things, 
especially if, as the ISP, you've set up basic rDNS for your
address space (or at least your server) in order to routinely
pass such checks implemented on destination servers.

Dave Gillett
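
Added example, not part of the original message: a minimal sketch of the address-space egress rule described above, evaluated over constructed flow records. The pool, relay address and function names are assumptions for illustration (documentation address ranges); the decision reads only source address, destination address and port, never a domain name or rDNS record.

```python
import ipaddress

# Constructed values (documentation address ranges), not from the original post.
DYNAMIC_POOLS = [ipaddress.ip_network("198.51.100.0/24")]  # non-static customer space
ISP_RELAYS = {ipaddress.ip_address("192.0.2.25")}          # the ISP's SMTP server
SMTP_PORT = 25


def egress_decision(src, dst, dport):
    """Return 'permit' or 'deny' for an outbound TCP flow at the ISP border.

    Only source address, destination address and port are consulted;
    no domain name or rDNS lookup takes part in the decision.
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    if dport != SMTP_PORT:
        return "permit"
    if not any(src_ip in pool for pool in DYNAMIC_POOLS):
        return "permit"  # static/server space is outside this rule
    if dst_ip in ISP_RELAYS:
        return "permit"  # relaying through the ISP's server is allowed
    return "deny"        # direct SMTP from non-static space to the outside


def direct_smtp_attempts(flows):
    """Count denied direct-SMTP attempts per source address in dynamic space."""
    hits = {}
    for src, dst, dport in flows:
        if egress_decision(src, dst, dport) == "deny":
            hits[src] = hits.get(src, 0) + 1
    return hits


# Constructed flow records: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("198.51.100.10", "192.0.2.25", 25),    # customer relaying through the ISP
    ("198.51.100.77", "203.0.113.5", 25),   # own SMTP engine, direct to outside
    ("198.51.100.77", "203.0.113.9", 25),
    ("198.51.100.10", "203.0.113.5", 443),  # non-SMTP traffic
    ("192.0.2.80", "203.0.113.5", 25),      # static space, not covered by the rule
]

if __name__ == "__main__":
    for src, count in direct_smtp_attempts(SAMPLE_FLOWS).items():
        print(f"{src}: {count} blocked direct SMTP attempts")
```

The per-source counts double as a detection signal: a host in non-static space that repeatedly hits the deny rule is a candidate for the worm, spam-engine or ToS cases listed in the message.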

