ietf-asrg

Re: [Asrg] Amend the RFC to require reverse DNS

2003-03-18 14:29:12

In message <200303182005.h2IK5WpT003625@turing-police.cc.vt.edu>,
M Wild <asrg@wildm.com> wrote:

> 1) Some 30% of IPs don't have proper PTR entries, according to a result posted
> by Christian Huitema to the IETF list a while ago.

Actually, I would say that something more like 98% of all IPv4 address
space has no reverse DNS.

That's the bad news.

The good news is that the vast majority of THAT un-rDNS'd space contains
-ZERO- well maintained mail servers that I personally feel any compelling
need to accept mail from, by default.

Of course, when/if the owners or users of those machines find that they
are blocked while trying to send mail to any address in the monkeys.com
domain, they are cordially invited to use the contact form on my web
site and request special whitelisting for their specific IP address(es)...
which I gladly provide to any non-spammer that requests it.


Regards,
rfg


P.S.  Recently, a couple of major ISPs... specifically AT&T and RoadRunner...
tried, and failed, to implement filtering of IP addresses that have no
reverse DNS.  The problem in both cases was that this change created far
too many complaints, once it was first switched on, from the respective
customer bases.

The problem is that both companies began the implementation of this in
a rather dumb way.  They just stopped accepting mail from hosts with no
reverse DNS, period.  As far as I have been able to determine, they
FAILED to collect their own mail servers' logs for a few months prior to
the change-over, and they FAILED to whitelist all of the IPs that may
not have had proper reverse DNS, ever, but that nonetheless had no black
marks against them (i.e. not listed in the SBL, not listed in ORDB, not
listed in the UPL) _and_ that had already been sending mail... perhaps
lots of it... to these respective ISPs, and their respective customer
bases already, and in some cases for a long long LONG time.

As a friend of mine put it recently ``Would you switch your personal
mailbox to a pure whitelist-based system and NOT at the same time
pre-initialize your personal whitelist with the entire current contents
of your own address book?''  No!  Of course not!  Pretty much the same
logic applies to switching a mail server over to rejecting mail from
no-rDNS hosts.  If you are a sizable ISP, and if you do it without making
special exceptions for all of the servers that had previously been
sending you legit mail, then that is, in a word, dumb.

QUESTION: What generates most complaints (and the most heated complaints)
for those ISPs that attempt to do _anything_ in the way of spam filtering?
ANSWER:  When some given user has been on an existing mailing list already
FOR MONTHS and then, suddenly, it just stops arriving one day.

Moral of the Story:  It's ``ok'' to stop accepting incoming e-mail from
hosts that have no reverse DNS... even if you are a major ISP... as
long as you do it in an intelligent way that doesn't instantly piss off
(at least) half of your customer base.

The problem is that an awful lot of people implement what are otherwise
good ideas, but they only think about the possible problems and/or ways
to address those as an afterthought... AFTER the customer complaints
start arriving by the truckload.  And by then it's too late.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
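The migration procedure rfg describes (collect your own server's logs for a while first, then pre-seed a whitelist with the established senders that lack reverse DNS but carry no blocklist marks, and only then switch on no-rDNS rejection) as an added worked example. This is not code from the thread or from any of the ISPs mentioned; the Postfix-style log lines, the PTR table and the blocklist contents are constructed for the example, and the two lookup functions stand in for real DNS and DNSBL queries.

```python
"""Pre-seed a no-rDNS whitelist from existing mail logs before switching on
reverse-DNS rejection (added example; stand-in lookups, constructed data)."""
import ipaddress
import re
from collections import Counter

# Constructed Postfix-style smtpd log lines; not taken from any real server.
# Postfix logs "unknown" as the client hostname when the rDNS lookup fails.
SAMPLE_LOG = """\
Mar 10 08:01:12 mx1 postfix/smtpd[1201]: connect from mail.example.net[192.0.2.10]
Mar 10 08:01:13 mx1 postfix/smtpd[1201]: 1A2B3C: client=mail.example.net[192.0.2.10]
Mar 10 09:14:02 mx1 postfix/smtpd[1210]: connect from unknown[198.51.100.7]
Mar 10 09:14:03 mx1 postfix/smtpd[1210]: 4D5E6F: client=unknown[198.51.100.7]
Mar 11 10:30:44 mx1 postfix/smtpd[1220]: 7A8B9C: client=unknown[198.51.100.7]
Mar 12 11:00:00 mx1 postfix/smtpd[1230]: 0F1E2D: client=unknown[203.0.113.55]
Mar 12 11:05:17 mx1 postfix/smtpd[1231]: AB12CD: client=unknown[203.0.113.99]
Mar 12 11:06:00 mx1 postfix/smtpd[1232]: EF34AB: client=unknown[198.51.100.7]
"""

# Constructed PTR table standing in for a reverse-DNS lookup (absent = no PTR).
FAKE_PTR = {"192.0.2.10": "mail.example.net"}

# Constructed DNSBL contents standing in for SBL/ORDB-style listings.
FAKE_BLOCKLIST = {"203.0.113.99"}

# One "client=host[ip]" line per accepted message in the Postfix smtpd log.
CLIENT_RE = re.compile(r"client=(?P<host>[^\[]+)\[(?P<ip>[0-9a-fA-F.:]+)\]")


def has_ptr(ip: str) -> bool:
    """Stand-in for a PTR lookup; a real deployment would query DNS here."""
    return ip in FAKE_PTR


def is_listed(ip: str) -> bool:
    """Stand-in for a DNSBL lookup; a real deployment would query the lists."""
    return ip in FAKE_BLOCKLIST


def count_senders(log_text: str) -> Counter:
    """Return message counts per sending IP, from the collected log history."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if not m:
            continue
        ip = m.group("ip")
        try:
            ipaddress.ip_address(ip)  # discard anything that is not an address
        except ValueError:
            continue
        counts[ip] += 1
    return counts


def build_whitelist(log_text: str, min_messages: int = 2,
                    ptr_lookup=has_ptr, bl_lookup=is_listed) -> list:
    """Established senders that lack a PTR record and carry no black marks.

    Hosts with working rDNS are skipped (they pass the new check anyway),
    listed hosts are skipped (black marks), and one-off senders are skipped
    (min_messages sets how much history counts as 'established').
    """
    whitelist = []
    for ip, n in count_senders(log_text).items():
        if ptr_lookup(ip) or bl_lookup(ip) or n < min_messages:
            continue
        whitelist.append(ip)
    return sorted(whitelist)


def policy_decision(ip: str, whitelist, ptr_lookup=has_ptr) -> str:
    """The post-switch-over rule: reject no-rDNS hosts unless pre-whitelisted."""
    if ptr_lookup(ip) or ip in whitelist:
        return "accept"
    return "reject"


if __name__ == "__main__":
    wl = build_whitelist(SAMPLE_LOG)
    print("pre-seeded whitelist:", wl)   # ['198.51.100.7']
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.55", "203.0.113.99"):
        print(ip, policy_decision(ip, wl))
```

With the sample history, 198.51.100.7 is whitelisted (three messages, no PTR, not listed), 203.0.113.55 is not (a single message is not enough history at the default threshold), 203.0.113.99 is never whitelisted because it is listed, and 192.0.2.10 needs no entry because it has a PTR. The threshold and the length of the log collection window are the knobs that decide how many of the "has been sending us mail for months" senders survive the change-over.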