marking dynamic ranges, was fixing insecure email infrastructure

• Previous message (by thread): marking dynamic ranges, was fixing insecure email infrastructure
• Next message (by thread): marking dynamic ranges, was fixing insecure email infrastructure
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 24 Jan 2005 22:29:49 +0100, Markus Stumpf
<maex-lists-nanog at space.net> wrote:
> If you look at your logfiles you will notice that > 95% of all legit
> mailservers already have working and individual revDNS.

About the rest of the post - others have commented on MTAMARK ..

I'll just point out that you are generalizing based on a case you see
in your mailserver

I havent got the time to gather stats from our production clusters
right now but a quick grep through the last week's logs on my personal
colo (lots of ISPs in india mail it, some indian users - friends,
family, large local linux lists - on it) .. I'd say that about 40% of
my legitimate email comes from IPs that don't have rDNS let alone
DNAME / MTAMARK.

On our production boxes we get email from around the world for about
40 million users, and I just dont want to try blocking based on no
reverse DNS there .. just not worth the amount of legitimate email
traffic that gets filtered out.

-- 
Suresh Ramasubramanian (ops.lists at gmail.com)

• Previous message (by thread): marking dynamic ranges, was fixing insecure email infrastructure
• Next message (by thread): marking dynamic ranges, was fixing insecure email infrastructure
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]