nanog mailing list archives
Re: marking dynamic ranges, was fixing insecure email infrastructure
From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Tue, 25 Jan 2005 13:09:04 +0530
On Mon, 24 Jan 2005 22:29:49 +0100, Markus Stumpf <maex-lists-nanog () space net> wrote:
If you look at your logfiles you will notice that > 95% of all legit mailservers already have working and individual revDNS.
About the rest of the post - others have commented on MTAMARK .. I'll just point out that you are generalizing based on a case you see in your mailserver I havent got the time to gather stats from our production clusters right now but a quick grep through the last week's logs on my personal colo (lots of ISPs in india mail it, some indian users - friends, family, large local linux lists - on it) .. I'd say that about 40% of my legitimate email comes from IPs that don't have rDNS let alone DNAME / MTAMARK. On our production boxes we get email from around the world for about 40 million users, and I just dont want to try blocking based on no reverse DNS there .. just not worth the amount of legitimate email traffic that gets filtered out. -- Suresh Ramasubramanian (ops.lists () gmail com)
Current thread:
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet), (continued)
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet) Adi Linden (Jan 12)
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet) Steven Champeon (Jan 12)
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet) Valdis . Kletnieks (Jan 12)
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet) Dave Crocker (Jan 12)
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet) Valdis . Kletnieks (Jan 12)
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet) Suresh Ramasubramanian (Jan 12)
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet) Steven Champeon (Jan 12)
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet) Andre Oppermann (Jan 13)
- Re: marking dynamic ranges, was fixing insecure email infrastructure John Levine (Jan 13)
- Re: marking dynamic ranges, was fixing insecure email infrastructure Markus Stumpf (Jan 24)
- Re: marking dynamic ranges, was fixing insecure email infrastructure Suresh Ramasubramanian (Jan 24)
- Re: marking dynamic ranges, was fixing insecure email infrastructure Markus Stumpf (Jan 25)
- Re: marking dynamic ranges, was fixing insecure email infrastructure Valdis . Kletnieks (Jan 25)
- Re: marking dynamic ranges, was fixing insecure email infrastructure Markus Stumpf (Jan 25)
- Re: marking dynamic ranges, was fixing insecure email infrastructure J.D. Falk (Jan 25)
- Re: marking dynamic ranges, was fixing insecure email infrastructure Valdis . Kletnieks (Jan 25)
- Re: marking dynamic ranges, was fixing insecure email infrastructure Markus Stumpf (Jan 25)
- Re: marking dynamic ranges, was fixing insecure email infrastructure Suresh Ramasubramanian (Jan 25)
- Message not available
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Mark Andrews (Jan 13)
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Owen DeLong (Jan 13)
- Re: fixing insecure email infrastructure (was: Re: [eweek article] william(at)elan.net (Jan 13)