Re: Reverse DNS Lookup
From: Alun Jones (alun@texis.com) Date: 11/14/02
From: alun@texis.com (Alun Jones) Date: Thu, 14 Nov 2002 19:18:40 GMT
In article <4JPA9.7$Xq1.1055@paloalto-snr1.gtei.net>, Barry Margolin
<barmar@genuity.net> wrote:
>In article <20021113223020.15487.00000568@mb-cr.aol.com>,
>Determine99 <determine99@aol.com> wrote:
>>How does reverse DNS lookup help SMTP in performing authentication? Any
>>explanation would be greatly appreciated.
>
>It's not useful directly in authentication, but it makes troubleshooting
>easier. The server can put the hostname of the client in the "Received"
>header. This saves you the trouble of performing the lookup when you're
>trying to trace back the origination of a message.

It's also fairly common in servers to map from the source IP address to a
name, and from that name forward to an IP address, to see if they match. In
that way, you're likely to _really_ be talking to the host whose name is that
claimed by reverse DNS.

Let's say, for instance, that I am authoritative for the 168.192.in-addr.arpa
name space - I could very easily claim that 192.168.1.1 is
billg.microsoft.com. A lookup to a name server that is authoritative for
microsoft.com would, however, dispel that myth quite quickly.

It's not inviolable, because the DNS system isn't exactly the most fortified
system on the planet - it's perhaps not even as reliable a means of identity
as a Verisign certificate for microsoft.com. But it's another 'red flag' that
most hackers / spammers seem to forget that they are waving.

Of course, it's not conclusive, and there may be false positives, but if more
servers used it, we might be able to start persuading ISPs to make it
mandatory, and tracking/blocking spammers would become a much easier game. At
the expense, of course, of a significant amount of traffic prior to accepting
any given connection :-(

Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419  | VISA/MC accepted. NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for XP/2000/NT.
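
The reverse-then-forward check described in the message above, written out as an added example that is not part of the original post or any server's own code. The function names and the two small zone tables are constructed for illustration (198.51.100.7 is a documentation-range placeholder for whatever the real zone would answer); the default lookups use the system resolver.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA addresses for name from the system resolver (empty list if none)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Map IP -> name -> IPs and report whether the original IP comes back.

    Returns (verdict, name); verdict is 'confirmed', 'no-ptr' or 'mismatch'.
    """
    client = ipaddress.ip_address(ip)
    names = ptr_lookup(str(client))
    if not names:
        return ("no-ptr", None)
    for name in names:
        name = name.rstrip(".").lower()
        for addr in forward_lookup(name):
            try:
                if ipaddress.ip_address(addr) == client:
                    return ("confirmed", name)
            except ValueError:
                continue  # resolver handed back something that is not an address
    # A PTR exists, but the zone that owns the claimed name does not agree.
    return ("mismatch", None)

# Constructed sample data mirroring the post: whoever controls the reverse
# zone can claim any name, but only the name's own zone answers forward.
PTR_ZONE = {"192.168.1.1": ["billg.microsoft.com."],
            "192.0.2.25": ["mail.example.net."]}
FORWARD_ZONE = {"billg.microsoft.com": ["198.51.100.7"],
                "mail.example.net": ["192.0.2.25"]}

def demo_ptr(ip):
    return PTR_ZONE.get(ip, [])

def demo_forward(name):
    return FORWARD_ZONE.get(name, [])
```

A 'mismatch' or 'no-ptr' verdict is a signal to log or score, not proof of abuse, since the post itself notes the check can produce false positives.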