Security Basics mailing list archives
Re: educating rDNS violators
From: Niek <niek () packetstorm nu>
Date: Thu, 26 Aug 2004 09:03:53 +0200
On 8/25/2004 1:08 PM +0200, Derek Schaible wrote:
The way this helps spam reduction is that the vast majority of spam comes from exploited machines running rogue MTAs or some script kiddie
Correct.
on their DSL or cable modem. Such hosts will typically not have a valid rDNS entry. Additionally, if a company is sending legitimate email they
In my experience almost all 'western' isps have rdns set on their customer broadband/dialup ipranges. Sometimes an isp was assigned a new block, it can take a while, but it usually gets in place. Rdns is however missing on the majority of Asian ipblocks. I block China, Korea, and a few other countries with dns blacklists. 90% of the blocked Asian ips do not have (valid) rdns.
will have no issues with you verifying their hosts in this manner. Many spam attempts will spoof a name of an smtp server that most people will allow. Adding rDNS stops this action.
Names of smtp servers will still be spoofed even if rdns is in place. Only something like caller-id/sender-id/spf/domainkeys/'something better than before mentioned' solutions will help cut it down a bit.
Mail servers should have correct DNS info. Forward and reverse. It is the sysadmin's responsibility to ensure that their systems are configured properly. Period.
Hail. Too bad most smtp administrators have no clue. They install sendmail/exchange/whatever, make sure it works, and never look back.
Of course, there are some companies with correctly configured DNS who are spam friendly and this tactic will not block them. However, those companies are few in comparison to the hacked/violated/kiddie machines that will not have correct DNS info. These spam-friendly systems with correct DNS info are trivial to black list.
Already layed out, that this is not the case.
Hope this helps, too!
Moral of this all. If you decide to block hosts with missing or incorrect rdns, you will loose mail. Period. If you decide to block hosts with missing or incorrect rnds, you will still receive spam. Period. Regards, Niek Baakman -- _______________________________________________________________________________ Read about mime: ( ) http://www.geoapps.com/nomime.shtml Read about quoting: X http://www.netmeister.org/news/learn2quote.html Read about disclaimers: / \ http://www.goldmark.org/jeff/stupid-disclaimers --------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ----------------------------------------------------------------------------
Current thread:
- educating rDNS violators SMiller (Aug 23)
- Re: educating rDNS violators token (Aug 24)
- Re: educating rDNS violators Derek Schaible (Aug 25)
- Message not available
- Re: educating rDNS violators Derek Schaible (Aug 25)
- RE: educating rDNS violators David Gillett (Aug 26)
- Re: educating rDNS violators token (Aug 26)
- RE: educating rDNS violators David Gillett (Aug 30)
- Re: educating rDNS violators Derek Schaible (Aug 25)
- Re: educating rDNS violators token (Aug 24)
- Re: educating rDNS violators Niek (Aug 26)
- Re: educating rDNS violators Derek Schaible (Aug 30)
- Re: educating rDNS violators James Kelly (Aug 25)
- Re: educating rDNS violators Bryan S. Sampsel (Aug 25)
- Re: educating rDNS violators SMiller (Aug 26)
- Re: educating rDNS violators Derek Schaible (Aug 25)
- Re: educating rDNS violators Mark Reis (Aug 28)
- Re: educating rDNS violators Derek Schaible (Aug 30)
- Re: educating rDNS violators Bryan S. Sampsel (Aug 30)