Educause Security Discussion mailing list archives

Re: Reverse DNS


From: Jesse Thompson <jesse.thompson () DOIT WISC EDU>
Date: Wed, 21 Jan 2009 07:59:45 -0600

I agree with what Valdis said.

Our anti-spam software (Sophos PureMessage) has rules that do these
checks.  It has rules that determine if the IP is on a consumer network,
etc.  I'll leave it to the vendor to determine how significant these
checks can be to determine a spam rating.  It is what we pay them to do,
and they are doing a good job.

Additionally, we use an open source application called gross
(http://code.google.com/p/gross/), which is a hybrid
greylisting/blacklisting server that is responsible for reducing our
spam volumes by 80%.  Reverse DNS checks are on the TODO list for this
project.  Gross would use the reverse DNS checks to determine whether to
greylist (or blacklist depending on the weighting) messages from that IP.

I think that sophisticated reverse DNS checks, such as the ones that our
vendor uses, have been very effective at detecting botnet spam.  I infer
that this is why the spammers are escalating the spam war to using
compromised accounts on trustworthy email services.

Jesse
UW Madison

Daniel Bennett wrote:
I am wondering if any institutions have enabled reverse DNS on their
incoming emails to help block spam?  If you use it, how many legitimate
emails are blocked?  If you don't use it, what other measures do you
employ to help reduce the amount of spam that makes it through your
spam filter?

Thanks,

Daniel Bennett
IT Security Analyst
Security+

PA College of Technology
One College Ave
Williamsport PA 17701
(P) 570.329.4989

--
  Jesse Thompson
  Division of Information Technology, University of Wisconsin-Madison
  Email/IM: jesse.thompson () doit wisc edu
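
The kind of weighted reverse DNS check discussed in this message, sketched as an added example; it is not code from gross or from Sophos PureMessage. The weights, thresholds, hostname patterns, and the inline DNS table are constructed assumptions, and the sketch handles IPv4 only.

```python
import re

# Constructed DNS data (documentation address ranges) standing in for live lookups.
PTR = {
    "192.0.2.10": "mail.example.edu",
    "198.51.100.77": "dsl-198-51-100-77.dyn.example.net",
    "198.51.100.80": "pool-198-51-100-80.example.net",
    "203.0.113.5": "mx.example.com",
}
A = {
    "mail.example.edu": ["192.0.2.10"],
    "dsl-198-51-100-77.dyn.example.net": ["198.51.100.77"],
    "mx.example.com": ["203.0.113.99"],  # forward record points elsewhere
}

# Hypothetical weights and thresholds; a real deployment would tune these.
W_NO_PTR, W_FCRDNS_FAIL, W_CONSUMER = 2, 3, 2
GREYLIST_AT, BLOCK_AT = 2, 4

# Labels commonly seen in dynamic or consumer address pools (assumed list).
GENERIC = re.compile(r"(^|[.-])(dsl|dyn|dynamic|dhcp|pool|ppp|cable|dialup)([.-]|\d)", re.I)

def ip_embedded(ip, host):
    """True if every IPv4 octet appears as a number in the hostname."""
    numbers = re.findall(r"\d+", host)
    return all(octet in numbers for octet in ip.split("."))

def score(ip, ptr_lookup=PTR.get, a_lookup=lambda h: A.get(h, [])):
    """Return (score, reasons) for a connecting IPv4 address."""
    host = ptr_lookup(ip)
    if host is None:
        return W_NO_PTR, ["no PTR record"]
    total, reasons = 0, []
    if ip not in a_lookup(host):  # forward-confirmed reverse DNS
        total += W_FCRDNS_FAIL
        reasons.append("PTR name does not resolve back to the IP")
    if GENERIC.search(host) or ip_embedded(ip, host):
        total += W_CONSUMER
        reasons.append("hostname looks like consumer/dynamic space")
    return total, reasons

def decide(ip):
    """Map the score to accept, greylist, or block."""
    total, reasons = score(ip)
    action = "block" if total >= BLOCK_AT else "greylist" if total >= GREYLIST_AT else "accept"
    return action, total, reasons

if __name__ == "__main__":
    for ip in list(PTR) + ["203.0.113.200"]:
        print(ip, *decide(ip))
```

Passing real resolver functions as `ptr_lookup` and `a_lookup` to `score` replaces the constructed table with live DNS.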
