[SHAME] Spam Rats

Rich Kulawiec rsk at gsp.org
Thu Jan 10 13:39:03 UTC 2013


On Wed, Jan 09, 2013 at 09:27:17PM -0600, Chris Boyd wrote:
> We're a small shop, but our policy is not to accept email from addresses
> without PTRs.  And we have a long list of pool/dhcp/dyn/resnet PTRs we
> don't accept mail from as well.

This is (and has been) a best practice for most of a decade, ever since
the rise of the zombies.  Real mail servers have matching A and PTR
records, and real (i.e., non-generic) FQDN hostnames.  They also
HELO/EHLO with real, non-generic FQDN hostnames that resolve, and
which (preferably) match that in the A record.  Everything else is
at best suspect and probably either (a) a zombie or (b) incompetently run.

Thus -- and these are examples seen in a local spamtrap in the last
few hours -- none of these should be permitted to even *attempt* to
deliver mail to real live addresses:


---rsk
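
The checks described in the message above, sketched as an added example that is not part of the original post: PTR present, PTR forward-confirmed by an A record, non-generic name, and a HELO that resolves. The DNS tables, the `evaluate` and `is_generic` names, and the octet-embedding heuristic are assumptions made for illustration; it handles IPv4 only.

```python
import re
from collections import Counter

# Constructed sample DNS data (documentation address ranges and example
# domains). In production these lookups would be real PTR and A queries.
PTR = {
    "192.0.2.10": "mail.example.org",
    "192.0.2.77": "dsl-192-0-2-77.pool.example.net",
    "198.51.100.5": "mx1.example.com",
    "198.51.100.20": "host-198-51-100-20.customers.example.net",
    "203.0.113.9": "localhost",
}
A = {
    "mail.example.org": {"192.0.2.10"},
    "dsl-192-0-2-77.pool.example.net": {"192.0.2.77"},
    "mx1.example.com": {"198.51.100.99"},  # forward lookup disagrees with PTR
    "host-198-51-100-20.customers.example.net": {"198.51.100.20"},
}
# Tokens from the quoted policy, plus "dynamic" (assumed spelling variant).
GENERIC_TOKENS = {"pool", "dhcp", "dyn", "dynamic", "resnet"}

def is_generic(ip, host):
    """Heuristic: a listed token, or all four IPv4 octets embedded in the name."""
    if set(re.split(r"[^a-z]+", host)) & GENERIC_TOKENS:
        return True
    nums = Counter(int(n) for n in re.findall(r"\d+", host))
    return not (Counter(int(o) for o in ip.split(".")) - nums)

def evaluate(ip, helo, ptr=PTR, a=A):
    """Return (accept, reason) for a connecting IPv4 client and its HELO name."""
    host = ptr.get(ip)
    if host is None:
        return False, "no PTR"
    host = host.rstrip(".").lower()
    if "." not in host:
        return False, "PTR is not an FQDN"
    if ip not in a.get(host, set()):
        return False, "PTR does not forward-confirm"
    if is_generic(ip, host):
        return False, "generic PTR"
    if not a.get(helo.rstrip(".").lower()):
        return False, "HELO does not resolve"
    return True, "ok"

if __name__ == "__main__":
    for ip in sorted(PTR):
        print(ip, evaluate(ip, PTR[ip]))
```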


