
RE: [Asrg] Amend the RFC to require reverse DNS

2003-03-18 14:56:51
I do not believe that the user community is likely to take any notice.

Operational injunctions of this sort are the type of thing that the ISPs
and the general user community tend to push back on severely.

There is no existing protocol that depends on reverse DNS. As a result 
the reverse DNS is only deployed to a degree that supports advisory and
debugging type uses. Any proposal that depends on the roll out of a
production reverse DNS is requiring the hard 90% of a major infrastructure
deployment.


Another problem is knowing what the reverse DNS is telling you. All you
can do is to map an IP address to a domain name (or names). That gives
zero information about the authenticity of the information concerned.
A spammer can insert false information in the reverse DNS without obstacle.

Another practical deployment problem is the fact that a single IP can 
serve hundreds, thousands or even tens of thousands of mail domains.
So how does the reverse DNS tell you anything of interest?

Yet another problem is that in many cases control over the reverse DNS does
not lie anywhere close to the end user. I have zero control over the 
reverse DNS for the IP address I rent from Comcast. It is actually set
to an address that depends on the Ethernet MAC address of my NIC...

But strip off the host part of the domain and I have a reverse DNS that
looks like I am in the Comcast domain.


Assigning a reverse DNS name does not today imply any intention on the 
part of the reverse IP address maintainer to authorize any use for the
domain. 

                Phill



-----Original Message-----
From: M Wild [mailto:asrg(_at_)wildm(_dot_)com]
Sent: Tuesday, March 18, 2003 11:04 AM
To: asrg(_at_)ietf(_dot_)org
Subject: [Asrg] Amend the RFC to require reverse DNS


Greetings - One of the most effective anti-spam measures I have taken on my
mail servers is to require the sending mail server's IP address to reverse
resolve to the name it uses in its HELO command.  While this is a violation
of the RFC, it eliminates lying machines and forces accountability on the
sending server.  Yes, I know it can be forged or spoofed; however, it still
significantly raises the level of effort required on the part of the
spammer.  I've had to turn this check off due to customer complaints; however,
I am reconsidering this decision.  Amending the RFC to *REQUIRE* correct and
complete DNS setup for an SMTP client would go a long way towards reducing my
undesired traffic.  It would also address the customer (and clueless
administrator) complaints with a simple "I am following the rules."  How can
you argue with that?

Regards
Mike

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
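
The HELO-versus-reverse-DNS check discussed in this thread, as an added example that is not from either poster: it classifies a connection with and without forward confirmation of the PTR name, run over constructed DNS data. All addresses, host names, and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed DNS data: documentation address ranges and example names only.
PTR = {
    "192.0.2.10": ["mail.example.org"],            # owner of the name and the IP agree
    "198.51.100.7": ["mail.example.org"],          # IP holder wrote someone else's name
    "203.0.113.5": ["c-203-0-113-5.isp.example"],  # ISP-assigned name, not the user's
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "c-203-0-113-5.isp.example": ["203.0.113.5"],
}

def ptr_lookup(ip):
    return PTR.get(ip, [])

def a_lookup(name):
    return A.get(name, [])

def norm(name):
    return name.rstrip(".").lower()

def check_helo(ip, helo, confirm_forward=True):
    """Classify a connection as no-ptr, helo-mismatch, ptr-unconfirmed or pass."""
    ip = str(ipaddress.ip_address(ip))
    names = [norm(n) for n in ptr_lookup(ip)]
    if not names:
        return "no-ptr"
    if norm(helo) not in names:
        return "helo-mismatch"
    # The PTR record is written by whoever controls the address block, so a
    # match only becomes evidence once the name's own zone points back.
    if confirm_forward and ip not in a_lookup(norm(helo)):
        return "ptr-unconfirmed"
    return "pass"

if __name__ == "__main__":
    cases = [("192.0.2.10", "mail.example.org"), ("198.51.100.7", "mail.example.org"),
             ("203.0.113.5", "smtp.customer.example"), ("192.0.2.99", "mail.example.org")]
    for ip, helo in cases:
        print(ip, helo, check_helo(ip, helo, confirm_forward=False), check_helo(ip, helo))
```

The third case is a legitimate sender on a rented address whose HELO cannot match the ISP-assigned PTR, which is the source of the complaints both messages mention.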