Re: educating rDNS violators
From: token (chip.gwyn_at_gmail.com)
Date: 08/23/04
- Previous message: CHRIS GRABENSTEIN: "RE: Images being pulled in Outlook 2003 even though don't download pictures is set?"
- In reply to: SMiller_at_unimin.com: "educating rDNS violators"
- Next in thread: Derek Schaible: "Re: educating rDNS violators"
- Reply: Derek Schaible: "Re: educating rDNS violators"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 23 Aug 2004 15:17:03 -0400 To: security-basics@securityfocus.com
On Wed, 18 Aug 2004 17:49:22 -0400, smiller@unimin.com
<smiller@unimin.com> wrote:
>
>
> Our mail administration group recently implemented blocking of all incoming
> messages from domains that cannot be resolved via reverseDNS, for purposes
> of spam prevention. Of course, there are quite a number of legitimate
> business contacts who do not have rDNS properly configured. Assuming that
> the rDNS criterion remains, the question becomes one of who will notify
> and/or educate the sender(s) about this issue. The only time-efficient way
> that I can think of to do this would be to have instructions and references
> in the body of the bounce message itself. Anyone tried that? Results?
> Other suggestions? Thanks in advance.
>
> Scott
Scott,
I've noticed that AOL has started doing this. Since they've started
I've seen the number of requests for rDNS increment by a huge amount.
In AOL's bounce message they explicitly state that the reason it was
bounced was due to no reverse DNS record existing.
However, I'm not sure exactly how this is suppose to stop spam.
Most implementations I've seen just check to see if a reverse DNS
entry exists. You can put anything you want in there. Only the
implementations that check that a reverse DNS record exists and then
checks that the forward resolves to the same IP seem to do any good.
--chip
Just my $.02, your mileage may vary, batteries not included, etc....
---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
- Previous message: CHRIS GRABENSTEIN: "RE: Images being pulled in Outlook 2003 even though don't download pictures is set?"
- In reply to: SMiller_at_unimin.com: "educating rDNS violators"
- Next in thread: Derek Schaible: "Re: educating rDNS violators"
- Reply: Derek Schaible: "Re: educating rDNS violators"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
