Educause Security Discussion mailing list archives

Re: Reverse DNS


From: David Gillett <gillettdavid () FHDA EDU>
Date: Tue, 20 Jan 2009 11:19:29 -0800

  There are a couple of ways that reverse DNS might be used in
the hopes that it will reduce spam.

  The most simplistic is to only accept email from addresses for
which an rDNS entry can be found.  Several large ISPs have taken
to providing dummy rDNS records for their entire address space,
ensuring 100% positive validation.  Enough overseas organizations
never bother with rDNS to provide a near 100% negative validation
for foreign sources, also unacceptable.

  Various approaches have been taken to try to validate that the
data in the rDNS record does in fact refer to the sending machine.
We were taken to task last year by a user because our email servers
failed the checks they were attempting, which they asserted were
"very common".  The checks would have been failed by many
organizations with multiple email servers, especially if sent mail
was normally sent on a different pathway than inbound email was
received on.  A bit of research demonstrated that what was "very
common" about this approach to verifying senders was the number of
times it had been attempted and ABANDONED due to unacceptable
numbers of false negatives.

  If you can be more specific about how you are thinking of using
rDNS to detect spam, we can be more specific about whether what you
can actually work.  My experience to date suggests that the odds are
not in its favour.

David Gillett


-----Original Message-----
From: Daniel Bennett [mailto:dbennett () PCT EDU]
Sent: Tuesday, January 20, 2009 6:48 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Reverse DNS

I am wondering if any institutions have enabled reverse DNS
on their incoming emails to help block spam?  If you use it,
how many legitimate emails are blocked?  If you don't use it,
what other measures do you employ to help reduce the amount
of spam that makes it through your spam filter?

Thanks,

Daniel Bennett
IT Security Analyst
Security+

PA College of Technology
One College Ave
Williamsport PA 17701
(P) 570.329.4989
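
The rDNS checks discussed in this thread, as an added example that is not part of the original messages: three acceptance policies run over a constructed DNS table, showing where each one misjudges a sender. The domains, the documentation-range addresses and the MX-matching policy are assumptions chosen for illustration; the thread does not name the exact check that was attempted.

```python
# Constructed DNS data (documentation address ranges, example domains).
PTR = {
    "192.0.2.10": "smtp-out.college.example",          # dedicated outbound relay
    "198.51.100.77": "198-51-100-77.dyn.isp.example",  # ISP blanket dummy record
    # 203.0.113.5 has no PTR: a legitimate sender that never set one up
}
A = {
    "smtp-out.college.example": ["192.0.2.10"],
    "mx1.college.example": ["192.0.2.20"],             # inbound-only server
    "198-51-100-77.dyn.isp.example": ["198.51.100.77"],
}
MX = {"college.example": ["mx1.college.example"]}


def ptr_exists(ip):
    """Simplest policy: accept only if some rDNS entry is found."""
    return ip in PTR


def forward_confirmed(ip):
    """The PTR name must resolve back to the connecting address."""
    name = PTR.get(ip)
    return name is not None and ip in A.get(name, [])


def matches_mx(ip, sender_domain):
    """Assumed stricter policy: the connecting address must belong to one
    of the sender domain's MX hosts (inbound and outbound path identical)."""
    return any(ip in A.get(host, []) for host in MX.get(sender_domain, []))


def evaluate(ip, sender_domain):
    """Return the verdict of each policy for one SMTP connection."""
    return {
        "ptr_exists": ptr_exists(ip),
        "forward_confirmed": forward_confirmed(ip),
        "matches_mx": matches_mx(ip, sender_domain),
    }


if __name__ == "__main__":
    cases = [
        ("192.0.2.10", "college.example", "legitimate outbound relay"),
        ("198.51.100.77", "isp.example", "dynamic ISP address"),
        ("203.0.113.5", "overseas.example", "legitimate, no rDNS"),
    ]
    for ip, domain, label in cases:
        print(f"{label:28} {ip:15} {evaluate(ip, domain)}")
```

The dynamic ISP address passes both PTR-based checks, the legitimate relay fails the MX match because mail leaves on a different server than it arrives on, and the sender without rDNS fails everything.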

