RE: educating RDNS violators

LordInfidel_at_directionweb.com
Date: 08/26/04

    To: security-basics@securityfocus.com
    Date: Thu, 26 Aug 2004 00:26:49 -0400
    
    

    Just throwing my 2 cents in this one...

    While I'll agree that spam is out of control, and while reverse DNS helps,
    it's not a surefire mechanism unless A) everyone is required to use it and
    B) anyone who wants to operate legitimately has the opportunity to register
    their IP in RDNS.

    Besides the argument of "My ISP does not allow RDNS", more significantly,
    Reverse DNS is *NOT* a requirement for SMTP transmissions as per rfc822.
    However, the SMTP server having a valid FQDN that can be mapped to the same
    IP it is claiming to be coming from, via a lookup, *is* a requirement.

    So until the IETF proposes a draft which revises the rfc or is superseded by
    another rfc, blocking SMTP servers based on lack of RDNS entries could be
    an "implied" violation of rfc822. Since it is not stated in the rfc that
    this (RDNS) is mandatory or recommended, one cannot assume that
    implementing it is ~not~ a violation of the rfc.

    Personally, I view RDNS as I do spam filters and black-lists (not the ordb
    mind you); if a company is willing to employ such measures then they must
    also be willing to accept that they will not be able to receive
    communication from other legitimate businesses, nor should they force said
    businesses to comply with guidelines not defined in the rfc.

    The only exception to this would be open relays, since the very nature of
    an open relay violates well-known published security practices. Hence using
    a service such as the ordb would be an acceptable means of filtering traffic
    from known open relays.

    JMHO

    LordInfidel

    -----Original Message-----
    From: Bryan S. Sampsel [mailto:bsampsel@libertyactivist.org]
    Sent: Wednesday, August 25, 2004 4:39 PM
    To: security-basics@securityfocus.com
    Subject: Re: educating rDNS violators

    I'd say a good chunk of what you're seeing with regards to reverse DNS not
    being set up has to do with the fact that folks are tired of fighting with
    ISPs when they leave and simply work with an outfit like Register.com,
    using the Register.com DNS servers for forward lookup.

    Right, wrong, or indifferent, you have to go to the IP block owner (like
    say Qwest) and get the reverse-DNS set up. That is not always
    particularly easy.

    I'm not defending, simply explaining. Especially with the advent of cheap
    business class broadband, you're seeing far lower service levels than you
    used to with T1 circuits.

    Just my observations...

    Sincerely,

    Bryan S. Sampsel
    LibertyActivist.org

    ---------------------------------------------------------------------------
    Computer Forensics Training at the InfoSec Institute. All of our class sizes
    are guaranteed to be 12 students or less to facilitate one-on-one
    interaction with one of our expert instructors. Gain the in-demand skills of
    a certified computer examiner, learn to recover trace data left behind by
    fraud, theft, and cybercrime perpetrators. Discover the source of computer
    crime and abuse so that it never happens again.

    http://www.infosecinstitute.com/courses/computer_forensics_training.html
    ----------------------------------------------------------------------------
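The post above separates two checks that are often lumped together: whether the connecting IP has a PTR record at all, and whether the name the server announces maps back to the IP it connects from. The following is an added example, not part of the original thread; the DNS data, host names and function names are constructed for illustration, and the resolvers are injectable so the same logic can run against live DNS.

```python
import ipaddress
import socket

# Constructed DNS data (documentation address range, not real hosts).
PTR = {
    "192.0.2.10": "mail.example.com",
    "192.0.2.30": "host30.isp.example",
    "192.0.2.40": "mail.example.com",   # PTR claims a name that does not map back
}
A = {
    "mail.example.com": {"192.0.2.10"},
    "mx.smallbiz.example": {"192.0.2.20"},  # forward DNS only, ISP sets no PTR
    "host30.isp.example": {"192.0.2.30"},
}

def sample_ptr(ip):
    return PTR.get(ip)

def sample_addrs(name):
    return A.get(name.rstrip(".").lower(), set())

def live_ptr(ip):
    """Real PTR lookup; None when no reverse entry exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def live_addrs(name):
    """Real forward lookup; empty set when the name does not resolve."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def classify(client_ip, helo_name, ptr=sample_ptr, addrs=sample_addrs):
    """Evaluate each DNS check separately for one inbound SMTP connection."""
    ip = str(ipaddress.ip_address(client_ip))   # raises ValueError on junk
    ptr_name = ptr(ip)
    return {
        "has_ptr": ptr_name is not None,            # what PTR-based blocking tests
        "helo_maps_to_ip": ip in addrs(helo_name),  # announced FQDN resolves to sender
        "fcrdns": ptr_name is not None and ip in addrs(ptr_name),
    }

if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.com"),
                     ("192.0.2.20", "mx.smallbiz.example"),
                     ("192.0.2.30", "mail.example.com"),
                     ("192.0.2.40", "mail.example.com")]:
        print(ip, helo, classify(ip, helo))
```

The 192.0.2.20 case is the legitimate sender whose ISP provides no reverse entry: it fails a PTR-presence rule yet passes the forward check, while 192.0.2.30 has a PTR but announces a name that does not belong to it.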

