Educause Security Discussion mailing list archives

Re: Reverse DNS


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Tue, 20 Jan 2009 10:14:02 -0500

On Tue, 20 Jan 2009 09:47:38 EST, Daniel Bennett said:
I am wondering if any institutions have enabled reverse DNS on their incoming
emails to help block spam?

I'm assuming you mean "check that the purported source has a PTR entry that
makes sense" and "check for PTR values that scream Joe Sixpack home connections".

There are two basic cases:

1) If there's a valid PTR record, and it says the source is in a cablemodem or
DSL swamp someplace, it's quite likely a zombied PC spewing spam.  In general,
that first hop from the user's machine *should* be via port 456 or 587 to a
mail server they can authenticate to.

2) If there *isn't* a valid PTR record, it *probably* is indicative of a lack
of overall clue at the provider, and thus a higher likelihood that the mail is
coming from a compromised box the provider doesn't even realize has a problem.

In neither case is it proof positive that the mail is spam, but it certainly
rates right up there with brown M&Ms being found backstage at a Van Halen
concert - definitely time to apply extra scrutiny. As David Lee Roth said:

"Van Halen was the first band to take huge productions into tertiary,
third-level markets. We'd pull up with nine eighteen-wheeler trucks, full of
gear, where the standard was three trucks, max. And there were many, many
technical errors - whether it was the girders couldn't support the weight,
or the flooring would sink in, or the doors weren't big enough to move the gear
through.

The contract rider read like a version of the Chinese Yellow Pages because
there was so much equipment, and so many human beings to make it function. So
just as a little test, in the technical aspect of the rider, it would say
"Article 148: There will be fifteen amperage voltage sockets at twenty-foot
spaces, evenly, providing nineteen amperes..." This kind of thing. And
article number 126, in the middle of nowhere, was: "There will be no brown
M&M's in the backstage area, upon pain of forfeiture of the show, with full
compensation."

So, when I would walk backstage, if I saw a brown M&M in that bowl... well,
line-check the entire production. Guaranteed you're going to arrive at a
technical error. They didn't read the contract. Guaranteed you'd run into a
problem. Sometimes it would threaten to just destroy the whole show. Something
like, literally, life-threatening."

http://www.snopes.com/music/artists/vanhalen.asp
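The two cases above, turned into a small classifier as an added example (this is not code from the post or from the list): it distinguishes "no PTR", "PTR that does not forward-confirm", and "PTR that looks like a cable/DSL pool" from a sane mail host, and only flags connections for extra scrutiny rather than rejecting them. The DNS answers are constructed lookup tables so it runs offline; the hostname patterns and sample addresses are assumptions, not a list from the post.

```python
import re
from typing import Callable, Dict, List, Optional, Tuple

PtrLookup = Callable[[str], Optional[str]]
ALookup = Callable[[str], List[str]]

# Constructed DNS answers so the example runs offline; swap in real lookups
# (e.g. socket.gethostbyaddr / socket.gethostbyname_ex) for production use.
FAKE_PTR: Dict[str, Optional[str]] = {
    "192.0.2.10": "mail.example.edu.",                          # sane, forward-confirmed
    "198.51.100.77": "c-198-51-100-77.hsd1.example-isp.net.",   # cable/DSL-style name
    "203.0.113.5": None,                                        # no PTR at all
    "203.0.113.9": "mx.spoofed.example.",                       # PTR does not resolve back
}
FAKE_A: Dict[str, List[str]] = {
    "mail.example.edu.": ["192.0.2.10"],
    "c-198-51-100-77.hsd1.example-isp.net.": ["198.51.100.77"],
    "mx.spoofed.example.": ["192.0.2.200"],
}

# Labels commonly seen in PTR names of consumer/dynamic address pools (assumed list).
RESIDENTIAL = re.compile(
    r"(?:^|[.-])(?:dsl|adsl|cable|dyn|dynamic|pool|ppp|pppoe|dhcp|hsd\d*|dial(?:up)?|broadband)(?:[.-]|$)",
    re.IGNORECASE,
)

def ip_embedded_in_name(ip: str, name: str) -> bool:
    """True if the address octets appear in the hostname, e.g. 198-51-100-77 or 77.100.51.198."""
    octets = ip.split(".")
    for order in (octets, octets[::-1]):
        pattern = r"(?<![0-9])" + r"[.-]".join(map(re.escape, order)) + r"(?![0-9])"
        if re.search(pattern, name):
            return True
    return False

def classify(ip: str, ptr: PtrLookup = FAKE_PTR.get,
             fwd: ALookup = lambda n: FAKE_A.get(n, [])) -> Tuple[str, str]:
    """Return (verdict, reason) for an SMTP client address; 'ok' means no extra scrutiny needed."""
    name = ptr(ip)
    if not name:
        return "no_ptr", "no PTR record for %s" % ip
    if ip not in fwd(name):  # forward-confirmed reverse DNS (FCrDNS) check
        return "fcrdns_fail", "%s does not resolve back to %s" % (name, ip)
    if RESIDENTIAL.search(name) or ip_embedded_in_name(ip, name):
        return "residential", "PTR %s looks like a dynamic/consumer pool" % name
    return "ok", "PTR %s is forward-confirmed and looks like a real mail host" % name

if __name__ == "__main__":
    for addr in FAKE_PTR:
        print(addr, *classify(addr))
```

Anything other than "ok" is a reason to weight the message for more scrutiny (greylisting, stricter content scoring), not proof of spam, which is the same caveat the post makes.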
