Re: educating rDNS violators

From: Niek (niek_at_packetstorm.nu)
Date: 08/26/04

    Date: Thu, 26 Aug 2004 09:03:53 +0200
    To: security-basics@securityfocus.com
    
    

    On 8/25/2004 1:08 PM +0200, Derek Schaible wrote:

    > The way this helps spam reduction is that the vast majority of spam
    > comes from exploited machines running rogue MTAs or some script kiddie
    Correct.

    > on their DSL or cable modem. Such hosts will typically not have a valid
    > rDNS entry. Additionally, if a company is sending legitimate email they
    In my experience almost all 'western' ISPs have rdns set on their customer
    broadband/dialup IP ranges. When an ISP has been assigned a new block
    it can take a while, but it usually gets in place.

    Rdns is however missing on the majority of Asian IP blocks.
    I block China, Korea, and a few other countries with dns blacklists.
    90% of the blocked Asian IPs do not have (valid) rdns.

    > will have no issues with you verifying their hosts in this manner. Many
    > spam attempts will spoof a name of an smtp server that most people will
    > allow. Adding rDNS stops this action.
    Names of smtp servers will still be spoofed even if rdns is in place.
    Only something like caller-id/sender-id/spf/domainkeys/'something better
    than before mentioned' solutions will help cut it down a bit.

    > Mail servers should have correct DNS info. Forward and reverse. It is
    > the sysadmin's responsibility to ensure that their systems are
    > configured properly. Period.
    Hail. Too bad most smtp administrators have no clue.
    They install sendmail/exchange/whatever, make sure it works, and never look back.

    > Of course, there are some companies with correctly configured DNS who
    > are spam friendly and this tactic will not block them. However, those
    > companies are few in comparison to the hacked/violated/kiddie machines
    > that will not have correct DNS info. These spam-friendly systems with
    > correct DNS info are trivial to black list.
    Already laid out that this is not the case.

    > Hope this helps, too!
    >

    Moral of this all.
    If you decide to block hosts with missing or incorrect rdns,
    you will lose mail. Period.

    If you decide to block hosts with missing or incorrect rdns,
    you will still receive spam. Period.

    Regards,
    Niek Baakman

    -- 
    _______________________________________________________________________________
    Read about mime:         ( )                http://www.geoapps.com/nomime.shtml
    Read about quoting:       X     http://www.netmeister.org/news/learn2quote.html
    Read about disclaimers:  / \    http://www.goldmark.org/jeff/stupid-disclaimers
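The check under discussion, written out as an added example for this thread (it is not code posted by Niek, Derek or anyone else on the list): a forward-confirmed reverse DNS (FCrDNS) test applied as an SMTP connection policy. The DNS answers are a constructed, hypothetical sample (documentation addresses, no real hosts) so the script runs offline; the `lookup_ptr_live` / `lookup_a_live` helpers show the same check against the system resolver. The sample deliberately contains both failure modes named in the thread: a broadband pool host with perfectly valid rdns that the check waves through, and a mail server whose PTR does not forward-confirm and is therefore rejected even though it may be a legitimate sender.

```python
"""Forward-confirmed reverse DNS (FCrDNS) as an SMTP connection policy.

Added example, not code from the mailing list thread.  All DNS data below is
constructed and hypothetical so that the module runs without network access.
"""
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List, Optional

# Constructed sample DNS answers (192.0.2.0/24 and 198.51.100.0/24 are
# documentation ranges; none of these are real hosts).
SAMPLE_PTR: Dict[str, Optional[str]] = {
    "192.0.2.10": "mail.example.org",         # proper mail server: forward and reverse agree
    "192.0.2.20": "dsl-20.pool.example.net",  # ISP broadband pool: generic but valid rdns
    "192.0.2.30": None,                       # no PTR record at all
    "192.0.2.40": "mx.example.com",           # PTR names a host whose A record points elsewhere
}
SAMPLE_A: Dict[str, List[str]] = {
    "mail.example.org": ["192.0.2.10"],
    "dsl-20.pool.example.net": ["192.0.2.20"],
    "mx.example.com": ["198.51.100.5"],
}

PtrLookup = Callable[[str], Optional[str]]
ALookup = Callable[[str], List[str]]


def lookup_ptr_sample(ip: str) -> Optional[str]:
    """PTR lookup against the constructed sample data."""
    return SAMPLE_PTR.get(ip)


def lookup_a_sample(name: str) -> List[str]:
    """A-record lookup against the constructed sample data."""
    return SAMPLE_A.get(name, [])


def lookup_ptr_live(ip: str) -> Optional[str]:
    """PTR lookup via the system resolver; None when the address has no rdns."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def lookup_a_live(name: str) -> List[str]:
    """IPv4 addresses for a name via the system resolver; empty if it does not resolve."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []


def classify_rdns(ip: str,
                  lookup_ptr: PtrLookup = lookup_ptr_sample,
                  lookup_a: ALookup = lookup_a_sample) -> str:
    """Classify a connecting address as 'no-rdns', 'mismatch' or 'ok' (forward-confirmed)."""
    ipaddress.ip_address(ip)  # raises ValueError on garbage before anything hits the resolver
    name = lookup_ptr(ip)
    if name is None:
        return "no-rdns"
    # Forward confirmation: the PTR name must resolve back to the connecting address.
    # Without this step whoever controls the reverse zone can claim any name they like.
    if ip not in lookup_a(name):
        return "mismatch"
    return "ok"


def smtp_connect_policy(ip: str,
                        reject_missing: bool = True,
                        reject_mismatch: bool = True,
                        lookup_ptr: PtrLookup = lookup_ptr_sample,
                        lookup_a: ALookup = lookup_a_sample) -> str:
    """Return 'accept' or 'reject' for a new SMTP connection from `ip`.

    Note what this policy cannot see: a compromised host on a broadband pool
    with valid, forward-confirmed rdns is accepted like any other sender.
    """
    verdict = classify_rdns(ip, lookup_ptr, lookup_a)
    if verdict == "no-rdns" and reject_missing:
        return "reject"
    if verdict == "mismatch" and reject_mismatch:
        return "reject"
    return "accept"


def policy_report(ips: Iterable[str], **policy_kwargs) -> Dict[str, str]:
    """Apply the policy to a batch of addresses and return ip -> action."""
    return {ip: smtp_connect_policy(ip, **policy_kwargs) for ip in ips}


if __name__ == "__main__":
    for ip, action in policy_report(SAMPLE_PTR).items():
        print(f"{ip:12} {classify_rdns(ip):8} -> {action}")
```

Run against the sample, 192.0.2.20 (the broadband pool host) is accepted while 192.0.2.40 is rejected, which is exactly the pair of outcomes the message above warns about: the check drops some legitimate mail from misconfigured senders and still lets spam through from compromised hosts whose ISP did set up rdns. Loosening the policy with `reject_mismatch=False` trades one failure mode for the other; the check is a heuristic, not a sender authentication mechanism.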
