nanog mailing list archives
Re: Incoming SMTP in the year 2017 and absence of DKIM
From: "John R. Levine" <johnl () iecc com>
Date: 30 Nov 2017 16:48:28 -0500
It's a one way correlation. If the rDNS is busted, you can be pretty sure you don't want the mail. If the rDNS is OK, you need more clues.Pretty sure, but far from certain. Even this one-way correlation is rather tenuous. It’s mostly harmless because everyone knows that mail servers are filtering on this basis and legitimate senders therefore force themselves into workarounds.
Having talked to a lot of people who run large mail systems, it's much simpler than that. If you want people to accept your mail, you better have your DNS under control. If it's not important enough to you to make your DNS work, it's not important enough to me to look at what you might try to send.
Fortunately for everyone’s sake, Bj0rn, while he may not like it, seems to find a way to send his email via some mechanism that allows me to receive it from a host that has working rDNS.
Yeah, funny about that.
Spamassassin is as good an example as any and while it can be effective if you’ve got the cycles to keep it constantly updated and fed with new information and…, it’s a rather large PITA for a small site with an admin that needs to count on most things running on autopilot most of the time in order to survive.
That would be me, a daily cron job to install updates does the trick. It's not perfect but it's good enough.
People who want to be malicious are usually less willing to do so if they know that they will be identified, so actually, it does help. i.e. rarely to bank robbers sign their names to the robbery note.
Of course not. What it means is that now they attack the authentication systems. They do so in many ways, from stealing grandma's credentials on botted computers to buying SIMs in bulk to defeat schemes that want to tie a unique phone number to each account.
Regards, John Levine, johnl () iecc com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
Current thread:
- Re: Incoming SMTP in the year 2017 and absence of DKIM, (continued)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Bjørn Mork (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Rich Kulawiec (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Steve Atkins (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Bjørn Mork (Dec 01)
- RE: Incoming SMTP in the year 2017 and absence of DKIM Keith Medcalf (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Owen DeLong (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Owen DeLong (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM John Levine (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Owen DeLong (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Grant Taylor via NANOG (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM John R. Levine (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM valdis . kletnieks (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Owen DeLong (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM bzs (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Michael Thomas (Dec 01)
- Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM John Levine (Dec 01)
- Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM Michael Thomas (Dec 01)
- Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM valdis . kletnieks (Dec 01)
- Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM Michael Thomas (Dec 01)
- Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM Grant Taylor via NANOG (Dec 01)
- Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM Michael Thomas (Dec 01)