-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of ryanag@zoominternet.net
Sent: Friday, April 01, 2005 9:24 PM
To: CentOS mailing list
Subject: RE: [CentOS] postfix tightening
On Fri, 2005-04-01 at 21:04 -0600, Mark A. Lewis wrote:
Riight. Ever done a reverse lookup on a RR IP? Rogers? SBC? All of them will have valid reverse entries.
See below.
http://searchcio.techtarget.com/sDefinition/0,,sid19_gci917504,00.html
"Reverse DNS (rDNS) is a method of resolving an IP address into a domain name, just as the domain name system (DNS) resolves domain names into associated IP addresses. One of the applications of reverse DNS is as a spam filter. Here's how it works: Typically, a spammer uses an invalid IP address, one that doesn't match the domain name. A reverse DNS lookup program inputs IP addresses of incoming messages to a DNS database. If no valid name is found to match the IP address, the server blocks that message."
So, here is the problem.
Let's say that Acme Widget has their mail hosted with Hostco. Acme Widget would rather not have mail.hostco.com in the mail headers for whatever reason. So, Hostco doesn't set up a PTR record for it. This does not make Acme Widget or Hostco any more likely to be spammers, it just makes you more likely to drop their mail.
Now, the other side of that...
Foospam wants to send out 87 bazillion mail messages to everyone about fooagra. So, they set their mail server to helo with fooco.com and set the ptr record to be mail.fooco.com and they just danced right by all of this with very minimal effort. For that matter, you can use whatever ptr your ISP sets up for you.
The whole accountability thing is a fallacy. I can buy a domain right now for $8, put whatever I want in the whois info and just use that for the PTR record part; it could be a throwaway domain for all I care. At the end of the day, it bought the person receiving the spam nothing.
Reverse DNS or not, you can see what IP the mail came from, you can tell who is the owner of that IP and they can find out what user has that IP. The problem is that most of them are simply unwilling to do so, they ignore mail to the abuse address or just give you a canned answer.
My point is that relying on this only makes you more likely to drop legit mail and poses no problem to the spammers.
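As an added illustration (not part of the thread), the forward-confirmed reverse DNS test behind Postfix's reject_unknown_reverse_client_hostname and reject_unknown_client_hostname restrictions, run offline against constructed DNS records that mirror the scenarios above; every host name and address is made up.

```python
import ipaddress

# Constructed DNS data standing in for live lookups (addresses are from
# the documentation ranges, names are invented).  Scenarios follow the
# thread: Hostco relays Acme's mail with no PTR, Foospam publishes a PTR
# that forward-confirms, a third host rides its ISP's generic PTR.
PTR_RECORDS = {
    "10.100.51.198.in-addr.arpa": "mail.fooco.example",  # spammer, consistent rDNS
    "12.100.51.198.in-addr.arpa": "dsl-12.isp.example",  # ISP-assigned generic PTR
    "13.100.51.198.in-addr.arpa": "mail.acme.example",   # PTR whose forward disagrees
}
A_RECORDS = {
    "mail.fooco.example": {"198.51.100.10"},
    "dsl-12.isp.example": {"198.51.100.12"},
    "mail.acme.example": {"203.0.113.5"},
    "mail.hostco.example": {"198.51.100.11"},  # Hostco never published a PTR
}

def fcrdns(client_ip):
    """Classify a client address the way Postfix's client hostname checks
    do: 'unknown' (no PTR), 'unverified' (PTR name does not resolve back
    to the address) or 'verified' (forward-confirmed reverse DNS)."""
    name = PTR_RECORDS.get(ipaddress.ip_address(client_ip).reverse_pointer)
    if name is None:
        return "unknown", None
    if client_ip not in A_RECORDS.get(name, set()):
        return "unverified", name
    return "verified", name

def smtpd_decision(client_ip, restriction):
    """Apply one of two real Postfix smtpd_client_restrictions.
    reject_unknown_reverse_client_hostname rejects only when no PTR exists;
    reject_unknown_client_hostname also rejects when the PTR is not
    forward-confirmed.  'pass' means fall through to the next restriction."""
    status, _ = fcrdns(client_ip)
    if restriction == "reject_unknown_reverse_client_hostname":
        return "reject" if status == "unknown" else "pass"
    if restriction == "reject_unknown_client_hostname":
        return "reject" if status != "verified" else "pass"
    raise ValueError(f"unsupported restriction: {restriction}")

if __name__ == "__main__":
    for ip, who in [("198.51.100.11", "Acme via Hostco, legit, no PTR"),
                    ("198.51.100.10", "Foospam, consistent but meaningless rDNS"),
                    ("198.51.100.12", "spammer using the ISP's generic PTR"),
                    ("198.51.100.13", "PTR name that resolves elsewhere")]:
        print(f"{ip:15} {who:42} {fcrdns(ip)[0]:10} "
              f"{smtpd_decision(ip, 'reject_unknown_client_hostname')}")
```

The output shows the thread's point in miniature: the legitimate relay without a PTR is the only one of the first three that gets rejected, while both spam scenarios pass.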