nanog mailing list archives

RE: Criminals, The Network, and You [Was: Something Else]


From: "Jason J. W. Williams" <williamsjj () digitar com>
Date: Wed, 12 Sep 2007 10:13:00 -0600


Hi All,

It seems to me reverse DNS just isn't an acceptable anti-spam measure.
Too many broken reverses exist with smaller companies (try getting a 3rd
party to fix it). It's not that hard for a bot to figure out a DSL's
reverse entry and use that for its HELO. And there are a lot more
effective pre-processing anti-spam measures, including greylisting (with
its own problems) and reputation-based systems. 

Best Regards,
Jason

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of
Stephen Satchell
Sent: Wednesday, September 12, 2007 9:55 AM
To: nanog () nanog org
Subject: Re: Criminals, The Network, and You [Was: Something Else]


My mail servers return 5xx on NXDOMAIN.  If my little shop can spend not
too much money for three-9s reliability in the DNS servers, other shops
can as well.  When I first deployed the system, the overwhelming
majority of the rejects were from otherwise known spam locations
(looking at Spamhaus, Spamcop, and a couple of other well-known DNSBLs).
The number of false positives was so small that whitelisting was easy
and simple to maintain.

If a shop is not multihomed, they can contract with one or more DNS 
hosts to provide high-availability DNS, particularly for their 
in-addr.arpa zones.

It's not hard.  Nor expensive.

Paul Ferguson wrote:
Re-sending due to Merit's minor outage.

- ferg


---------- Forwarded Message ----------


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- Robert Blayzor <rblayzor () inoc net> wrote:

The fact that they're rejecting on a 5xx error based on no DNS PTR is
a bit harsh.  While I'm all for requiring all hosts to have valid PTR
records, there are times when transient or problem servers can cause a
DNS lookup failure or miss, etc.  If anything they should be returning
a 4xx to have the remote host "try again later".

Oh, wait till you realize that some of the HTTP returns are bogus
altogether -- and actually still serve malware.

It's pretty rampant right now. :-/

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)

wj8DBQFGxR1lq1pz9mNUZTMRApQRAKCEOLpuu69A1+B4vCHQTZs+hHLKaACcD1Ak
9JNwl2i1mL08WNUQSlXBYGM=3D
=3DffuN
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/
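
Added example, not part of any message in this thread: a Python illustration of the policy split the posters argue over, answering 5xx when the PTR lookup comes back NXDOMAIN and 4xx when the lookup itself fails, with the whitelist override Satchell mentions. The function names, the treatment of NO_DATA as "no PTR", and the sample addresses and hostname are assumptions constructed for illustration.

```python
import socket

# h_errno values carried by socket.herror (same numbers as <netdb.h>).
HOST_NOT_FOUND, TRY_AGAIN, NO_RECOVERY, NO_DATA = 1, 2, 3, 4


def ptr_decision(client_ip, lookup=socket.gethostbyaddr, whitelist=frozenset()):
    """Map the reverse-DNS result for client_ip to an SMTP reply code."""
    if client_ip in whitelist:
        return 250, "whitelisted"
    try:
        name, _aliases, _addrs = lookup(client_ip)
    except socket.herror as exc:
        if exc.args[0] in (HOST_NOT_FOUND, NO_DATA):
            # Authoritative "no such record": the permanent-reject case.
            return 550, "no PTR record for " + client_ip
        # TRY_AGAIN / NO_RECOVERY: resolver trouble, not proof of absence.
        return 450, "reverse DNS lookup failed, try again later"
    except OSError:
        # Timeouts and other resolver errors are also treated as transient.
        return 450, "reverse DNS lookup failed, try again later"
    return 250, "PTR " + name


def make_lookup(table):
    """Build an offline stand-in for socket.gethostbyaddr from a dict."""
    def lookup(ip):
        result = table[ip]
        if isinstance(result, Exception):
            raise result
        return result, [], [ip]
    return lookup


# Constructed sample data (documentation address ranges, made-up names).
SAMPLE = make_lookup({
    "192.0.2.10": "mail.example.org",
    "198.51.100.7": socket.herror(HOST_NOT_FOUND, "Unknown host"),
    "203.0.113.5": socket.herror(TRY_AGAIN, "Host name lookup failure"),
    "203.0.113.9": socket.herror(HOST_NOT_FOUND, "Unknown host"),
})

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "203.0.113.9"):
        print(ip, ptr_decision(ip, SAMPLE, whitelist={"203.0.113.9"}))
```
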




