marking dynamic ranges, was fixing insecure email infrastructure

Suresh Ramasubramanian ops.lists at
Tue Jan 25 07:39:04 UTC 2005

On Mon, 24 Jan 2005 22:29:49 +0100, Markus Stumpf
<maex-lists-nanog at> wrote:
> If you look at your logfiles you will notice that > 95% of all legit
> mailservers already have working and individual revDNS.

About the rest of the post - others have commented on MTAMARK ..

I'll just point out that you are generalizing based on a case you see
in your mailserver

I havent got the time to gather stats from our production clusters
right now but a quick grep through the last week's logs on my personal
colo (lots of ISPs in india mail it, some indian users - friends,
family, large local linux lists - on it) .. I'd say that about 40% of
my legitimate email comes from IPs that don't have rDNS let alone

On our production boxes we get email from around the world for about
40 million users, and I just dont want to try blocking based on no
reverse DNS there .. just not worth the amount of legitimate email
traffic that gets filtered out.

Suresh Ramasubramanian (ops.lists at

More information about the NANOG mailing list