IPv6 isn't SMTP

Lamar Owen lowen at pari.edu
Thu Mar 27 14:23:10 UTC 2014


On 03/26/2014 08:12 PM, Jimmy Hess wrote:
> As far as I'm concerned.... if you can force the spammer to use their own
> IP range, that they can set up RDNS for, then you have practically won,
> for all intents and purposes, as it makes blacklisting feasible, once
> again!
>
> Spammers can jump through these hoops --- but spammers aren't going to
> effectively scale up their spamming operation by using IP address ranges
> they can set up RDNS on.
>
Tell that to the 100,000+ e-mails I blocked last week (and the several 
hundred that got through before I was able to get all the blocks entered 
into my ingress ACLs) from proper rDNS addresses where the addresses 
were hopping all over a /24, a /22, three /21's, four /20's, and six 
/19s in widely separated blocks.  Every single address in those blocks 
eventually attempted to send e-mail, and every address had proper rDNS 
for the pseudorandom domain names, mostly in the .in TLD, but some 
others, too (the blocks were all over, with some registered through ARIN,
some through RIPE, some through AfriNIC, and some through APNIC, with 
hosters in Europe, North and South America, Asia, and Africa.)  Note 
that these passed full FCrDNS verification in postfix.  They all had 
very similar characteristics, including an embedded image payload/ad and 
a couple of hundred kB of anti-Bayesian text, including the full text of 
Zilog's Z80 manual at one point.

Of course, the other tens of thousands per day that get blocked for not 
having rDNS from residential bots make the case for leaving rDNS (and 
the FCrDNS variant) turned on, but it is not a cure-all.
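
An added example, not part of the original message: a forward-confirmed reverse DNS (FCrDNS) check run over constructed DNS data, followed by a grouping step that flags prefixes where many distinct FCrDNS-passing senders cluster. The function names, the sample addresses and names, and the three-hosts-per-/24 threshold are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed DNS data (documentation address ranges, invented names).
PTR = {
    "192.0.2.10": ["mx1.qzvkp.example"],
    "192.0.2.11": ["mx2.hhtrw.example"],
    "192.0.2.12": ["mx3.lmnbx.example"],
    "198.51.100.7": ["mail.corp.example"],
    "203.0.113.50": [],                        # residential bot: no PTR at all
    "203.0.113.51": ["host.spoofed.example"],  # PTR whose A record points elsewhere
}
A = {
    "mx1.qzvkp.example": ["192.0.2.10"],
    "mx2.hhtrw.example": ["192.0.2.11"],
    "mx3.lmnbx.example": ["192.0.2.12"],
    "mail.corp.example": ["198.51.100.7"],
    "host.spoofed.example": ["203.0.113.99"],
}

def fcrdns_ok(ip, ptr=PTR, a=A):
    """True if some PTR name for ip resolves forward to the same ip."""
    addr = ipaddress.ip_address(ip)
    for name in ptr.get(ip, []):
        if any(ipaddress.ip_address(x) == addr for x in a.get(name, [])):
            return True
    return False

def dense_prefixes(senders, prefixlen=24, min_hosts=3):
    """Group FCrDNS-passing senders by covering prefix; return busy prefixes."""
    seen = defaultdict(set)
    for ip in senders:
        if fcrdns_ok(ip):
            net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
            seen[net].add(ip)
    # Assumed threshold: a prefix with min_hosts or more distinct senders
    # is a candidate for a block-level rule instead of per-address entries.
    return {str(n): sorted(h) for n, h in seen.items() if len(h) >= min_hosts}

if __name__ == "__main__":
    for ip in PTR:
        print(ip, "FCrDNS pass" if fcrdns_ok(ip) else "FCrDNS fail")
    print(dense_prefixes(PTR))
```

The senders in 192.0.2.0/24 all pass FCrDNS yet are flagged by density, while the two 203.0.113.x hosts are rejected by the rDNS check alone.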



