Threading the senderbase reputation needle
setient at gmail.com
Tue Feb 2 09:46:12 CST 2010
On Tue, Feb 2, 2010 at 10:32 AM, Drew Weaver <drew.weaver at thenap.com> wrote:
> Since email reputation is now being based on the neighborhood theory you
> must do one of the following:
> Do one of the following (hopefully #1):
> 1.) Provide custom reverse DNS for the customer. BCP for SMTP server DNS
> is matching forward and reverse DNS. Anything else is suspect...
> 2.) Set up a relay host and funnel all customers mail through it.
> Side effects of each:
> 1.) Slightly more work on the front end (but hey, even AT&T will do this
> for business DSL customers). People will know you have clue. The
> technical staff at your customers will be happy and recommend you to their
> peers (well, I guess this depends a bit on what kind of customers you
> 2.) You have taken responsibility for all your customers' outbound mail
> flows. You will need to scale an abuse desk and maintain effective
> anti-spam policies (including customer education). If you don't run an
> effective abuse desk (including blocking your own customers outbound mail
> when necessary), you will be blacklisted eventually anyway. You could
> charge extra for or outsource this ESP service.
> Okay, as I mentioned, we allow the customers to set their reverse DNS to whatever they want as long as the forward and the reverse match. we don't own the customer's domains nor do we host the DNS for 99% of them, so I'm not sure how we could enforce a rule saying that everyone on our network has to have their reverse DNS set a certain way. That is why we set it up like we did, because we can control hostnames within our domain and we can set the PTR record to match. Like I said before we're a hosting company, we sell Co-Lo, Dedicated servers, and Virtualization products.
> It seems somewhat impossible to employ either of your suggestions in our environment.
I used to work at a hosting company and we had a few solutions in
place. Whenever a client purchased a server or an additional block
of ip's, it was assigned the reverse dns related to the hostname of
their server. This even included example.com sometimes. The client
could then change it as they wish. Another option we had was an
outgoing spam filter setup with ASSP. This scrubbed all outgoing mail
for spam messages. Honestly the first option was good enough for most
people. About 99.95% of your clients assign a forward DNS for their
server/colo/virtualization products. Just make it a requirement that
they provide that before you turn up their service. This prevents
DUHLs from listing you for those generic RDNS names.
More information about the NANOG