Identifying residential CPE IP addresses? (was: SORBS on autopilot?)
schampeo at hesketh.com
Tue Jan 12 20:59:01 UTC 2010
on Tue, Jan 12, 2010 at 02:59:55PM -0500, Jed Smith wrote:
> 4. For other reasons laid out in this thread, PTR is not the best choice.
> Additionally, administrators of mailservers who have no idea what a PTR
> is -- although their entry fee to the Internet mail system is debatable
> it will not be discussed here -- are now punished by blocklists like
> SORBS and Trend Micro with the simple crime of not knowing to PTR their
> mail server with something that screams "static allocation, not CPE".

Mild correction: it's FAR BETTER to use something that screams
I AM A MAIL SERVER WITH A LEGITIMATE PURPOSE AND A COMPETENT ADMIN
rather than just using yet another generic static naming convention. :-)
Because using generic static naming is falling victim to the rather
baseless assumption that all statics should be allowed to send mail,
which is just ridiculous. We've got a /27 (we're a web app dev shop) and
only one of those IPs is a mail source, one is a NAT, one is a VPN box,
several others run Web servers and other services, and so could possibly
emit mail but likely only to us, and we can always whitelist if need be.
I assume that the case is similar in other organizations; their static
IPs far outnumber their canonical mail servers.
Of course, I asked for appropriate custom PTRs for all of them, but
still - the point stands, especially for those who think that generic
static PTRs are sufficient for a modern mail infrastructure. I don't
care who your ISP is, I care who you supposedly are, because if I see
that your mail server (or other hosts on your network) are infected,
compromised, or otherwise sources of abuse directed at my network, I
want to deal with /you/, not with your upstream's abuse desk triage.

> I note, with a heavy hand, that there are no widely-disseminated
> standards governing the reverse DNS of an Internet host other than this
> draft, but administrators make decisions on it anyway.

On that and on a wide variety of other criteria, yes.
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/
antispam news and intelligence to help you stop spam: http://enemieslist.com/
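
The distinction drawn in the message above, as an added example that is not part of the original post or of the poster's own tooling: a heuristic that separates provider-generated PTR names (which embed the IPv4 address) from custom names, and notes which custom names declare a mail role. The token lists, bucket names and sample records are assumptions constructed for illustration.

```python
import re

# Token lists are illustrative assumptions, not a published standard.
SEP = r"(^|[.\-_])"
DYNAMIC = re.compile(SEP + r"(dyn|dynamic|dhcp|pool|ppp|dsl|adsl|cable|dialup)\d*([.\-_]|$)")
STATIC = re.compile(SEP + r"(static|fixed)\d*([.\-_]|$)")
MAIL_ROLE = re.compile(r"^(mail|mx|smtp|mta|relay|outbound)\d*$")

def embeds_ip(name, ip):
    """True if the name carries all four IPv4 octets, forward or reversed."""
    octets = ip.split(".")
    nums = [str(int(n)) for n in re.findall(r"\d+", name)]  # drops zero padding
    return any(nums[i:i + 4] in (octets, octets[::-1]) for i in range(len(nums) - 3))

def classify_ptr(ptr, ip):
    """Bucket a PTR name by what it tells a receiving mail admin."""
    if not ptr:
        return "no-ptr"
    name = ptr.rstrip(".").lower()
    if embeds_ip(name, ip):  # provider-generated: identifies the ISP, not the host
        if DYNAMIC.search(name):
            return "generic-dynamic"
        if STATIC.search(name):
            return "generic-static"
        return "generic-unknown"
    role = name.split(".")[0]  # leftmost label of a custom name
    return "custom-mail" if MAIL_ROLE.match(role) else "custom-other"

# Constructed sample: documentation address ranges and example domains only.
SAMPLE = [
    ("192.0.2.10", "192-0-2-10.dyn.example.net"),
    ("198.51.100.7", "static-198-051-100-007.example.net"),
    ("203.0.113.5", "5.113.0.203.pool.example.com."),
    ("198.51.100.8", "mail.example.org"),
    ("198.51.100.9", "vpn.example.org"),
    ("198.51.100.10", ""),
]

def classify_all(pairs):
    """Map each sample IP to its bucket."""
    return {ip: classify_ptr(ptr, ip) for ip, ptr in pairs}

if __name__ == "__main__":
    for ip, bucket in classify_all(SAMPLE).items():
        print(f"{ip:15} {bucket}")
```

A PTR record is set by whoever controls the reverse zone, so a custom name only means something once the forward lookup of that name returns the same address.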