[SHAME] Spam Rats
Rich Kulawiec
rsk at gsp.org
Thu Jan 10 13:39:03 UTC 2013
On Wed, Jan 09, 2013 at 09:27:17PM -0600, Chris Boyd wrote:
> We're small shop, but our policy is not to accept email from addresses
> without PTRs. And we have a long list of pool/dhcp/dyn/resnet PTRs we
> don't accept mail from as well.
This is (and has been) a best practice for most of a decade, ever since
the rise of the zombies. Real mail servers have matching A and PTR
records, and real (i.e., non-generic) FQDN hostnames. They also
HELO/EHLO with real, non-generic FQDN hostnames that resolve, and
which (preferably) match that in the A record. Everything else is
at best suspect and probably either (a) a zombie or (b) incompetently run.
Thus -- and these are examples seen in a local spamtrap in the last
few hours -- none of these should be permitted to even *attempt* to
deliver mail to real live addresses:
2.132.135.33 (no rdns)
37.44.121.227 (no rdns)
41.97.154.184 (no rdns)
41.191.104.24 (no rdns)
46.177.235.253 ppp046177235253.access.hol.gr
60.254.50.150 50.254.60.150.hathway.com
64.25.225.52 (no rdns)
74.7.101.50 (no rdns)
77.126.116.112 (no rdns)
79.180.105.90 bzq-79-180-105-90.red.bezeqint.net
80.232.221.197 (no rdns)
81.248.60.11 lcayenne-151-5-11.w81-248.abo.wanadoo.fr
85.30.103.215 (no rdns)
88.77.212.175 dslb-088-077-212-175.pools.arcor-ip.net
89.223.2.149 ip-149.2.223.89.net.unnet.ru
93.86.110.126 93-86-110-126.dynamic.isp.telekom.rs
95.140.197.66 host-95-140-197-66.customers.adc.am
110.49.235.132 (no rdns)
117.6.200.103 (no rdns)
117.212.210.190 (no rdns)
120.61.90.56 triband-mum-120.61.90.56.mtnl.net.in
122.163.226.123 abts-north-dynamic-123.226.163.122.airtelbroadband.in
122.166.232.127 abts-kk-static-127.232.166.122.airtelbroadband.in
123.24.97.69 dynamic.vdc.vn
123.24.198.246 (no rdns)
178.126.109.101 (no rdns)
190.66.167.111 (no rdns)
195.128.253.152 ip253-152.dl.uz.ua
200.56.5.180 200-56-5-180.dynamic.axtel.net
200.67.199.254 dsl-200-67-199-254-sta.prod-empresarial.com.mx
201.230.49.12 client-201.230.49.12.speedy.net.pe
206.55.180.8 (no rdns)
213.175.137.146 (no rdns)
220.227.74.69 (no rdns)
222.124.11.26 26.subnet222-124-11.astinet.telkom.net.id
222.253.178.173 localhost
---rsk
More information about the NANOG
mailing list