nanog mailing list archives
Re: is reverse dns required? (policy question)
From: Steven Champeon <schampeo () hesketh com>
Date: Wed, 1 Dec 2004 15:02:19 -0500
on Wed, Dec 01, 2004 at 02:41:00PM -0500, Valdis.Kletnieks () vt edu wrote:
> On Wed, 01 Dec 2004 13:16:49 EST, Steven Champeon said:
> > FWIW, 40% or more of the inbound spam mail here comes from hosts with a generic rDNS naming convention (even after DNSBLs and other obvious forgery checks such as hosts using my domain(s)/IP(s) in HELO/EHLO). We simply quarantine any mail from hosts without rDNS at all, and reject all mail from non-whitelisted generic hosts.
>
> Any issues with dealing with the distinction between (for instance) FOO.generic.BAR.(com|net|org) (where generic is the 3rd level) and FOO.generic.BAR.co.uk (where it's a level further down)? Similarly, do you just treat all of *.info or *.biz as a generic swamp? Any other TLD-related issues you've identified in counting up that 40%?
Well, for various reasons I maintain a database of some ~7K or so naming conventions and run my matches against all of them (using a TLD-based right-to-left sort, but still, I know it can be done more efficiently). The practice stems from the days (5/03) when I'd only mapped some 1500 or so conventions. The access.db checks are done right-to-left, too, so

  Connect:dhcp.vt.edu ERROR:5.7.1:"550 go away, dynamic user"

wouldn't catch 1.2.3.4.dhcp.vt.edu.example.com anyway.

All of my matches are currently done on the whole rDNS hostname string, not on a subset, though I'm moving towards a left-anchored subset as it cuts my live pats down from ~7K to ~3200 or so (e.g., refusing mail from hosts with names like ^h[0-f]{8}\. instead of checking all of the pats that start with h[0-f]{8}). I've got a list of the most common 100 or so left-anchored pat subsets, and hope to put them into practice here soon. So I may have more feedback then.

I don't simply treat info/biz as a swamp in practice, no - despite the fact that they're obviously pretty well flooded and swarming :/ So, no TLD-related issues of the sort you seem interested in.

--
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us! http://hesketh.com/about/careers/account_manager.html join us!
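The two matching styles discussed in this message, as an added example (not code from the post, and not sendmail's implementation): a right-to-left access-map lookup alongside one left-anchored pattern, applied with the quarantine/reject policy quoted above. The function names, the whitelist parameter and the sample hostnames are constructed, and the post's `h[0-f]{8}` shorthand is assumed to mean eight hex digits.

```python
import re

# Constructed access-map entry in the style quoted in the message.
ACCESS = {"dhcp.vt.edu": 'ERROR:5.7.1:"550 go away, dynamic user"'}

# Left-anchored pattern from the message; its h[0-f]{8} shorthand is
# assumed to mean eight hex digits and is written out as [0-9a-f].
LEFT_ANCHORED = [re.compile(r"^h[0-9a-f]{8}\.")]


def normalize(rdns):
    """Lowercase the PTR name and drop any trailing root dot."""
    return (rdns or "").strip().lower().rstrip(".")


def access_lookup(hostname, table=ACCESS):
    """Right-to-left lookup: full name first, then each parent domain."""
    labels = normalize(hostname).split(".")
    for i in range(len(labels)):
        action = table.get(".".join(labels[i:]))
        if action:
            return action
    return None


def classify(rdns, whitelist=frozenset()):
    """Policy from the message: no rDNS -> quarantine, generic -> reject."""
    host = normalize(rdns)
    if not host:
        return "quarantine"
    if host in whitelist:
        return "accept"
    if access_lookup(host) or any(p.search(host) for p in LEFT_ANCHORED):
        return "reject"
    return "accept"


if __name__ == "__main__":
    # Constructed PTR results; None stands for "no rDNS at all".
    for name in (None, "1.2.3.4.dhcp.vt.edu", "1.2.3.4.dhcp.vt.edu.example.com",
                 "h0a1b2c3d.pool.example.net", "mail.example.org"):
        print(f"{name!s:40} {classify(name)}")
```

The `dhcp.vt.edu` entry matches only names that end in that suffix, so `1.2.3.4.dhcp.vt.edu.example.com` passes the access map and would need a whole-name or left-anchored pattern of its own to be flagged.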