is reverse dns required? (policy question)
Steven Champeon
schampeo at hesketh.com
Wed Dec 1 20:02:19 UTC 2004
on Wed, Dec 01, 2004 at 02:41:00PM -0500, Valdis.Kletnieks at vt.edu wrote:
> On Wed, 01 Dec 2004 13:16:49 EST, Steven Champeon said:
>
> > FWIW, 40% or more of the inbound spam mail here comes from hosts with a
> > generic rDNS naming convention (even after DNSBLs and other obvious
> > forgery checks such as hosts using my domain(s)/IP(s) in HELO/EHLO). We
> > simply quarantine any mail from hosts without rDNS at all, and reject
> > all mail from non-whitelisted generic hosts.
>
> Any issues with dealing with the distinction between (for instance)
> FOO.generic.BAR.(com|net|org) (where generic is the 3rd level) and
> FOO.generic.BAR.co.uk (where it's a level further down)? Similarly, do you
> just treat all of *.info or *.biz as a generic swamp? Any other TLD-related
> issues you've identified in counting up that 40%?

Well, for various reasons I maintain a database of some ~7K or so naming
conventions and run my matches against all of them (using a TLD-based
right-to-left sort, but still, I know it can be done more efficiently).
The practice stems from the days (5/03) when I'd only mapped some 1500 or
so conventions.

The access.db checks are done right-to-left, too, so

  Connect:dhcp.vt.edu ERROR:5.7.1:"550 go away, dynamic user"

wouldn't catch 1.2.3.4.dhcp.vt.edu.example.com anyway.

All of my matches are currently done on the whole rDNS hostname string,
not on a subset, though I'm moving towards a left-anchored subset as it
cuts my live pats down from ~7K to ~3200 or so. (e.g., refusing mail from
hosts with names like ^h[0-f]{8}\. instead of checking all of the pats
that start with h[0-f]{8}). I've got a list of the most common 100 or so
left-anchored pat subsets, and hope to put them into practice here soon.
So I may have more feedback then.

I don't simply treat info/biz as a swamp in practice, no - despite the
fact that they're obviously pretty well flooded and swarming :/

So, no TLD-related issues of the sort you seem interested in.

--
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us! http://hesketh.com/about/careers/account_manager.html join us!
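
The policy and right-to-left lookup described in this message, as an added Python sketch that is not code from the original post or from the author's system. The naming conventions, the whitelist entry and all function names are constructed for illustration; only the `dhcp.vt.edu` rule and the `^h` + 8 hex characters prefix come from the message.

```python
import re

# Constructed sample data (hypothetical, not the author's database).
# Suffix rule taken from the access.db line in the message.
BLOCKED_SUFFIXES = {"dhcp.vt.edu"}
# Whole-hostname patterns, bucketed by owning domain so only a few run per lookup.
CONVENTIONS = {
    "example.net": [re.compile(r"^\d+-\d+-\d+-\d+\.dsl\.example\.net$")],
    "example.co.uk": [re.compile(r"^host-\d+\.pool\.example\.co\.uk$")],
}
# Left-anchored subset from the message, hex class written here as [0-9a-f].
LEFT_ANCHORED = [re.compile(r"^h[0-9a-f]{8}\.")]
WHITELIST = {"h0123abcd.mail.example.org"}


def suffixes(host):
    """Label-aligned suffixes, right to left: 'uk', 'co.uk', 'example.co.uk', ..."""
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]


def is_generic(host):
    # One cheap prefix check stands in for many per-domain patterns.
    if any(p.match(host) for p in LEFT_ANCHORED):
        return True
    # Walking suffixes by label means the TLD depth (.com vs .co.uk) does not matter.
    for suffix in suffixes(host):
        if suffix in BLOCKED_SUFFIXES:
            return True
        if any(p.match(host) for p in CONVENTIONS.get(suffix, ())):
            return True
    return False


def classify(rdns):
    """Thread policy: no rDNS -> quarantine; generic and not whitelisted -> reject."""
    if not rdns:
        return "quarantine"
    host = rdns.lower().rstrip(".")
    if host in WHITELIST:
        return "accept"
    return "reject" if is_generic(host) else "accept"
```

Because suffixes are compared label by label from the right, `1.2.3.4.dhcp.vt.edu.example.com` never produces the suffix `dhcp.vt.edu` and so is not caught by that rule, which is the behaviour the message describes for access.db.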