[SHAME] Spam Rats

Rich Kulawiec rsk at gsp.org
Thu Jan 10 03:40:25 UTC 2013


On Thu, Jan 10, 2013 at 12:58:59PM +1000, Julian DeMarchi wrote:
> This is the first RBL I have seen list a /24 for lack of PTRs. Not for
> sending spam, but just PTRs alone. How do you explain this to your
> customer?

First, this would be better on mailop.

Second, they're running a DNSBL, not *the* RBL.

Third, anyone may run any DNSBL with any policy they wish: listing
IP addresses whose octets are primes, domains with the letter "j"
in their names, etc.  Provide they comply with RFC 6471, this isn't
a problem.  What *might* be a problem is how they're used and by whom,
but one of the nice features of DNSLs in operational practice is that
those with suboptimal listing policies aren't used much.

Fourth, one of the hundreds of DNSBLs may be the least of your problems.
For roughly a decade now, it's been a very good idea to refuse/defer
all mail traffic from anything which doesn't have matching PTR and
A records.  (The refuse/defer depends on whether the problem appears
to be a permanent misconfiguration or the temporary consequence of
a DNS oops.)

But again: mailop would be better for this.

---rsk



More information about the NANOG mailing list