Educause Security Discussion mailing list archives
Re: Reverse DNS
From: David Gillett <gillettdavid () FHDA EDU>
Date: Tue, 20 Jan 2009 11:19:29 -0800
There are a couple of ways that reverse DNS might be used in the hopes that it will reduce spam. The most simplistic is to only accept email from addresses for which an rDNS entry can be found. Several large ISPs have taken to providing dummy rDNS records for their entire address space, ensuing 100% positive validation. Enough overseas organizations never bother with rDNS to provide a near 100% negative validation for foreign sources, also unacceptable. Various approaches have been taken to try to validate that the data in the rDNS record does in fact refer to the sending machine. We were taken to task last year by a user because our email servers failed the checks they were attempting, which they asserted were "very common". The checks would have been failed by many organizations with multiple email servers, especially if sent mail was normally sent on a different pathway than inbound email was received on. A bit of research demonstrated that what was "very common" about this approach to verifying senders was the number of times it had been attempted and ABANDONNED due to unacceptable numbers of false negatives. If you can be more specific about how you are thinking of using rDNS to detect spam, we can be more specific about whether what you can actually work. My experience to date suggests that the odds are not in its favour. David Gillett
-----Original Message----- From: Daniel Bennett [mailto:dbennett () PCT EDU] Sent: Tuesday, January 20, 2009 6:48 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Reverse DNS I am wondering if any institutions have enabled reverse DNS on their incoming emails to help block spam? If you use it, how many legitimate emails are blocked? If you don't use it, what other measures do you employ to help reduce the amount of spam that makes it through your spam filter? Thanks, Daniel Bennett IT Security Analyst Security+ PA College of Technology One College Ave Williamsport PA 17701 (P) 570.329.4989
Current thread:
- Reverse DNS Daniel Bennett (Jan 20)
- <Possible follow-ups>
- Re: Reverse DNS Valdis Kletnieks (Jan 20)
- Re: Reverse DNS David Gillett (Jan 20)
- Re: Reverse DNS Jesse Thompson (Jan 21)
- Re: Reverse DNS Dexter Caldwell (Jan 21)