RE: RBLs for SPAM Control

["David Gillett" <gillettdavid () fhda edu>]

  More and more providers of dynamic IP addresses (i.e., ISPs)
are blocking them as SMTP sources, and requiring DHCP users to
relay via a server provided by the ISP.  So "direct to MX"
traffic from DHCP clients should only come from viruses and 
spambots, which don't know about the relay requirement.

  Done right, this isn't nearly the problem that many half-
knowledgeable users expect it to be.  MOST ISPs recognize that
their customers need to be able to send email with From:
headers referring to personal or employer domains, and so
don't ALSO try to filter on From: domain for properly-relayed
traffic.  A very few ISPs need to converse with the business
end of a clue-by-four to understand this; once they do, 
legitimate email flows smoothly and cleanly.

David Gillett


> -----Original Message-----
> From: Alexis [mailto:bonobo () bigpond net au]
> Sent: Thursday, August 04, 2005 8:48 AM
> To: security-basics () securityfocus com
> Subject: Re: RBLs for SPAM Control
>
>
> On Thu, 4 Aug 2005 02:12 pm, you wrote:
> > As a rule of thumb, most RBLS automatically list dynamic 
> IPs used for dial
> > ups / modem pools of ISPs as suspicious. Simply because any 
> mail from a
> > dynamic IP is considered unsafe, in RBL terms !
>
> Interesting . . . . i wonder how many false-positives this 
> creates? i would 
> think it would be quite a few, given the number of people who 
> send emails 
> from dynamic IPs . . . .
>
> > Nothing much you can do, other than ask your ISP to 1) add 
> reverse DNS for
> > the IP blocks and 2) try to get the IP block removed from 
> the list(s)
>
> *nod* Okay, thanks.
>
> Alexis.