Arrogant RBL list maintainers

William Herrin herrin-nanog at dirtside.com
Wed Dec 16 07:16:23 CST 2009


On Wed, Dec 16, 2009 at 7:06 AM, Mike Lieman <mikelieman at gmail.com> wrote:
> Wouldn't SPF ( RFC 4408) tell people more about where the real mailservers
> are than some half-baked idea of trying to enforce what hostnames should
> look like?
>
> What's the word for 'mail server' in Lower Sorbian, and does your algorithm
> properly detect it in a hostname?  See the problem here?

Mike,

If you really want to know, download the spamassassin code and start
reading. You'll find both the answers to how names are checked and
rankings of empirical effectiveness.


On Wed, Dec 16, 2009 at 7:15 AM, Rich Kulawiec <rsk at gsp.org> wrote:
> This is nonsense.  RDNS/DNS naming choices are a trivial obstacle to
> spammers et.al. who went over this speed bump at 70 MPH years ago and
> have been accelerating ever since.  This kind of security-by-obscurity
> tactic is far more likely to draw their attention than evade it, as any
> site using it has in effect run up a large flag with "we don't understand
> security basics" written on it and thus made itself an attractive target.

Rich,

This depends on the spammer and his methodology. A significant
fraction of spam, perhaps the majority, originates from hijacked user
PCs. For this subset of spam sources, adjusting the RNDS is an
insurmountable obstacle.

There's no magic bullet for stopping spam but there are a lot of
heuristics which eliminate a useful fraction. Using the RDNS to make
an educated guess about whether a particular machine's owners intend
it to operate as a mail server is such a heuristic.


If you must whine about antispam techniques, whine about something
important.  Filtering by IP address in a bazillion private block and
permit lists makes it very hard for large legitimate mailing list
operators to renumber when changing ISPs. The new IP address isn't on
any of the permit lists yet and it may be on block lists as a result
if its prior user. This pushes list operators towards PI, BGP and
consuming expensive real estate in your routers for a protocol which
is otherwise relatively trivial to renumber.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004




More information about the NANOG mailing list