Arrogant RBL list maintainers

James Hess mysidia at gmail.com
Wed Dec 16 00:12:22 CST 2009


On Tue, Dec 15, 2009 at 11:30 PM, Adam Armstrong <lists at memetic.org> wrote:
> Personally, I'd recommend not being a dick and setting valid *meaningful*
> reverse DNS for things relaying mail.

Many sites don't use names that will necessarily be meaningful to an outsider.
Sometimes the non-meaningful name is the actual hostname and the
_only_ name that machine is known by, even if the name appears
"generic" or contains an IP. Host naming is a matter of local
network policy, and the RFCs that pertain to hostnames specify syntax
requirements only.

Some sites might want to avoid certain "meaningful" RDNS entries
since spammers, hackers, and other abusive users that scan IP ranges
can utilize the RDNS to facilitate their activities. All
reverse DNS information is in the hands of the enemy.

For example, when spammers' IP scanning efforts find that an IP
address reverses to "mail.example.com", the spammer will know
to try @example.com e-mail addresses for their dictionary-based
brute-force spamming.

On the other hand, if the MTA's IP reverses to something like
a152.x.example.net, as is common for many domains, spammers coming in
by scanning large ranges of IPs have no pointer to report that the
mailserver they discovered is @example.com inbound (or outbound) mail,
since the RDNS domain is different, and in fact generic, which helps
avoid assisting the spammer in identifying the IP as an inbound
mail server.


--
-J



