Re: educating rDNS violators

• Previous message: Chris Olave: "Re: How to do rDNS. WAS: RE: educating rDNS violators"
• In reply to: James Kelly: "Re: educating rDNS violators"
• Next in thread: Derek Schaible: "Re: educating rDNS violators"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: James Kelly <jim@essistants.com>
Date: Wed, 25 Aug 2004 17:09:52 -0400

First, I am grateful for all of the answers received, so please do not
misinterpret the following. I will let this stand for the group of
responses that might well be summarized by the expression "tough ti11y said
the kitty, but the milk's still sweet." I don't know how much of those
respondents' critical business communications are conducted by email, but
for my employer it has become very high. We also serve a customer base and
are in turn served by a vendor base that is technologically typically
trailing edge, and composed of concerns that are highly unlikely to
understand the need or method for publishing reverse DNS mappings. Has it
been forgotten that this service (email) serves a utilitarian business
purpose? That a vitally important contract, or bid, or quote opportunity
could be irrevocably lost as the result of denying email delivery from
legitimate business partners? It isn't inconceivable that several hundred
thousand USD in revenue could swing on an undelivered email or five. All
those here who would like to admit responsibility and disclaim "But I was
blocking spam", when your CEO asks IT how such a thing could possibly have
happened, raise your hands. There is another old saw, "throwing the baby
out with the bath water". To me, it seems that an inflexible
implementation of reverse dns validation of email at this time runs the
risk of accomplishing just that. YMMV.

Scott

                                                                           
             James Kelly
             <jim@essistants.c
             om> To
                                       JGrimshaw@ASAP.com
             08/24/2004 10:31 cc
             PM security-basics@securityfocus.com
                                                                    Fax to
                                                                           
                                                                   Subject
                                       Re: educating rDNS violators
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This may then force customers to switch providers to one who properly
sets up their service.

Jim

JGrimshaw@ASAP.com wrote:
| With that in mind, with many customers using large ISPs for their public
| DNS service, a updating the bounce back message might not resolve
| anything, as the emailing site may not be in the authority to make the
| changes you have requested, and the large ISP may not have the
| wherewithall to implement such policies.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBK/nv3IzKSZsd6+oRAt52AKDBkO/xBF/TtPxMhpbxsPBVJKsYSgCfZNlJ
xXvyx3fgsswII+fYXL+Adws=
=5KM+
-----END PGP SIGNATURE-----

---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class
sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills
of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------

• Previous message: Chris Olave: "Re: How to do rDNS. WAS: RE: educating rDNS violators"
• In reply to: James Kelly: "Re: educating rDNS violators"
• Next in thread: Derek Schaible: "Re: educating rDNS violators"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]