Threading the senderbase reputation needle
drew.weaver at thenap.com
Tue Feb 2 08:37:44 CST 2010
Has anyone come up with a reverse DNS 'pattern' that one can employ that will prevent Senderbase from assigning a poor reputation to an entire /24 because they saw an email they didn't like from a single IP address?
We're an infrastructure provider, which means that we lease servers, etc to customers and everything we do uses static IPs.
Our current 'default (before the customer changes it)' is a x.x.x.x.static.domain.com, apparently Senderbase cannot look up CIDR boundaries in the RIR database (even though we spend a lot of time making sure that we publish the CIDR information) so they just assume that each 'offender' owns the entire /24 and they also consider any 'email' from the static.domain.com domain to be the 'same offender' (which is completely silly).
The other little annoyance about their system is that we assign CIDR blocks to users (almost always a /29) these CIDRs include IP addresses like the gateway address, the broadcast address, the network address, etc and the users may only use 2-3 of the IPs in the /29, but they expect us or the user to set a 'custom looking' reverse DNS on all of the IPs in the range. Originally, we were not putting any reverse DNS on our IPs until the customer requested it (or did it themselves via our system) but then we ran into problems with some RBLs that require reverse DNS on all IPs, and other RBLs that require matching forward and reverse DNS on all IPs.
I've contacted Senderbase for advice on what specifically we need to do but they've been vague at best and I have even asked them for examples of companies who 'meet their specifications' but I wasn't given any.
I'm considering doing something like customerXXXXX.static.domain.com but then I can see other problems with that also.
More information about the NANOG