Security Basics mailing list archives
RE: educating RDNS violators
From: LordInfidel () directionweb com
Date: Thu, 26 Aug 2004 00:26:49 -0400
Just throwing my 2cents in this one... While I'll agree that spam is out of control, and while reverse dns helps, it's not a sure fire mechanism unless A) everyone is required to use it and B) anyone who wants to operate legitimately, has the opportunity to register their IP in RDNS. Besides the argument of "My isp does not allow RDNS", more significantly, Reverse DNS is *NOT* are requirement for SMTP transmissions as per rfc822. However, the SMTP server having a valid FQDN that can be mapped to the same ip it is claiming to be coming from, via a lookup, *is* a requirement. So until the IETF proposes a draft which revises the rfc or is superseded by another rfc; blocking smtp servers based on lack of RDNS entries, could be an "implied" violation of rfc822. Since it is not stated in the rfc that this (RDNS) is mandatory or recommended, one can not assume that implementing it, is ~not~ a violation of the rfc. Personally, I view RDNS as I do spam filters and black-lists (not the ordb mind you); if a company is willing to employ such measures then they must also be willing to accept that they will not be able to receive communication from other legitimate business', nor should they force said business' to comply with guidelines not defined in the rfc. The only exception to this would be Open-Relay's, since the very nature of an Open-relay violates well known published security practices. Hence using a service such as the ordb would be an acceptable means of filtering traffic from known open-relay's. JMHO LordInfidel -----Original Message----- From: Bryan S. Sampsel [mailto:bsampsel () libertyactivist org] Sent: Wednesday, August 25, 2004 4:39 PM To: security-basics () securityfocus com Subject: Re: educating rDNS violators I'd say a good chunk of what you're seeing with regards to reverse DNS not being set up has to do with the fact that folks are tired of fighting with ISPs when they leave and simply work with an outfit like Register.com, using the Register.com DNS servers for forward lookup. Right, wrong, or indifferent, you have to go to the IP block owner (like say Qwest) and get the reverse-DNS set up. That is not always particularly easy. I'm not defending, simply explaining. Especially with the advent of cheap business class broadband, you're seeing far lower service levels than you used to with T1 circuits. Just my observations... Sincerely, Bryan S. Sampsel LibertyActivist.org --------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ----------------------------------------------------------------------------
Current thread:
- Re: educating rDNS violators, (continued)
- Re: educating rDNS violators JGrimshaw (Aug 24)
- Re: educating rDNS violators James Kelly (Aug 25)
- Re: educating rDNS violators Bryan S. Sampsel (Aug 25)
- Re: educating rDNS violators SMiller (Aug 26)
- Re: educating rDNS violators Derek Schaible (Aug 25)
- Re: educating rDNS violators Mark Reis (Aug 28)
- Re: educating rDNS violators Derek Schaible (Aug 30)
- Re: educating rDNS violators Bryan S. Sampsel (Aug 30)
- Re: educating rDNS violators James Kelly (Aug 25)
- Re: educating rDNS violators JGrimshaw (Aug 24)
- Re: educating rDNS violators Chris Olave (Aug 24)
- Re: educating rDNS violators Eric Brown (Aug 24)
- RE: educating RDNS violators LordInfidel (Aug 26)