[SHAME] Spam Rats

Rich Kulawiec rsk at gsp.org
Thu Jan 10 13:39:03 UTC 2013

On Wed, Jan 09, 2013 at 09:27:17PM -0600, Chris Boyd wrote:
> We're a small shop, but our policy is not to accept email from addresses
> without PTRs.  And we have a long list of pool/dhcp/dyn/resnet PTRs we
> don't accept mail from as well.

This is (and has been) a best practice for most of a decade, ever since
the rise of the zombies.  Real mail servers have matching A and PTR
records, and real (i.e., non-generic) FQDN hostnames.  They also
HELO/EHLO with real, non-generic FQDN hostnames that resolve, and
which (preferably) match that in the A record.  Everything else is
at best suspect and probably either (a) a zombie or (b) incompetently run.

Thus -- and these are examples seen in a local spamtrap in the last
few hours -- none of these should be permitted to even *attempt* to
deliver mail to real live addresses:
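
A sketch of the checks described in this thread (PTR present, PTR and A matching, non-generic hostname, HELO that resolves), added here as an example and not code from either poster. The tokens beyond pool/dhcp/dyn/resnet, the reject/suspect/accept verdicts, and all DNS data are constructed assumptions.

```python
import re

# pool/dhcp/dyn/resnet come from the policy quoted above; the other tokens are assumed.
GENERIC_TOKENS = {"pool", "pools", "dhcp", "dyn", "dynamic", "resnet", "ppp", "dsl"}
IP_IN_NAME = re.compile(r"(?:\d{1,3}[.-]){3}\d{1,3}")  # address embedded in the name

def is_generic(name):
    """True if a hostname looks like an ISP-assigned pool/dynamic name."""
    parts = set(re.split(r"[.-]", name.lower()))
    return bool(parts & GENERIC_TOKENS) or bool(IP_IN_NAME.search(name))

def evaluate(ip, helo, ptr_lookup, a_lookup):
    """Return (verdict, reason) for a connecting SMTP client.

    ptr_lookup(ip) -> list of names, a_lookup(name) -> list of addresses.
    """
    ptrs = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not ptrs:
        return ("reject", "no PTR")
    # Forward-confirm: a PTR name only counts if its A record points back at the client.
    confirmed = [n for n in ptrs if ip in a_lookup(n)]
    if not confirmed:
        return ("reject", "PTR and A do not match")
    if all(is_generic(n) for n in confirmed):
        return ("reject", "generic PTR")
    helo = helo.rstrip(".").lower()
    if "." not in helo or is_generic(helo):
        return ("suspect", "HELO is not a real FQDN")
    helo_addrs = a_lookup(helo)
    if not helo_addrs:
        return ("suspect", "HELO does not resolve")
    if ip not in helo_addrs:
        return ("accept", "HELO resolves but does not match client")
    return ("accept", "ok")

# Constructed DNS data (documentation address ranges and example domains).
PTR = {"192.0.2.25": ["mail.example.org."],
       "198.51.100.77": ["ppp-198-51-100-77.pool.example.net."],
       "203.0.113.9": ["mx.example.com."]}
A = {"mail.example.org": ["192.0.2.25"],
     "relay.example.org": ["192.0.2.26"],
     "ppp-198-51-100-77.pool.example.net": ["198.51.100.77"],
     "mx.example.com": ["203.0.113.200"]}

def check(ip, helo):
    """Run evaluate() against the constructed tables above."""
    return evaluate(ip, helo, lambda i: PTR.get(i, []), lambda n: A.get(n, []))
```

In a live deployment the two lookup callables would wrap a real resolver, and the generic-name list would be far longer than the handful of tokens shown.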


