Reverse DNS Question
schampeo at hesketh.com
Wed Apr 21 17:39:14 CDT 2010
on Tue, Apr 20, 2010 at 11:39:11PM -0500, James Hess wrote:
> EXCEPT.... that is just an example, don't actually use a hostname
> like "ip192-0-0-1.example.com." in real life.
> [*] Certain overly aggressive blacklists assume that the host must be
> a dynamic / dial-up user due to the presence of "192-0-0-1", which
> is recognized to be an IP address, so be careful.
While I don't consider my project to be "over-aggressive", you should be
aware that many antispam filtering systems do classify hostnames as a
class by their naming convention (in my case, I have ~52K patterns for
naming conventions in around 27K domains, classified by assignment and
other types and where possible by the technology in use eg static/dsl,
dynamic/dialup) and use those classifications to determine policy.
So, if you're intending to do the right thing here WRT your PTR naming,
it'd behoove you to indicate at the very least whether these are to be
used by end users (who are more likely to be infected with bots),
whether they're dynamically or statically assigned, whether they're
legit sources of mail, etc. Best current practice is to allow customers
running mail servers to assign custom and appropriate names to said
hosts (including PTR, not just A).
Also, to make it easier for folks running older MTAs without decent
regex support to block unwanted bot mail try to keep the most
significant token to the right hand side, a la
So they can block all mail from dynamics with a simple 'dyn.example.net'
instead of having to collect access.db entries for every city you happen
to provide access to. The rest of the Internet thanks you in advance ;-)
Having some comment or memo in your SWIP for the block that indicates
what the block's IPs are to be used for is also helpful, as when the PTR
is obscure and unhelpful rwhois is the next obvious place to turn for
I've written up some tips and hints here:
As for those supposed blacklists that treat n-n-n-n as an obvious
dialup, they're going to run into a lot of trouble if they try to
classify any of these hosts that way (they are in all likelihood MXen
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/
antispam news and intelligence to help you stop spam: http://enemieslist.com/
More information about the NANOG