
Re: [Asrg] Amend the RFC to require reverse DNS

2003-03-18 17:04:00

In message 
<CE541259607DE94CA2A23816FB49F4A3110045(_at_)vhqpostal6(_dot_)verisign(_dot_)com>,
"Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> wrote:

> Assigning a reverse DNS name does not today imply any intention on the 
> part of the reverse IP address maintainer to authorize any use for the
> domain. 

Yes, quite so.

Most specifically, _either_ the presence or, conversely, absence of
rDNS doesn't clearly designate a given IP address as being one which
either the ``owner'' fully intends to act as an outgoing mail server
or conversely as one which the owner DOES NOT intend to act as a mail
server.

But it is often helpful to be aware of exactly such a distinction.  At
the present time, large amounts of spam come from either (a) end-luser
broadband lines where the end-lusers in question are running unsecured
proxy servers (and where they are not even aware that their machines
can send e-mail, directly, via SMTP, to arbitrary other places) or else
(b) from end-luser dialup lines.

I have a simple idea that could be used to classify an SMTP client as
being either an ``intentional outgoing mail server'' or not.  And this
idea is largely compatible with existing practice.

Quite simply, if a given SMTP client connects to you and then says:

        HELO d.e.f.g

then you look to see if any of the following names have associated MX
records:

        d.e.f.g
        e.f.g
        f.g
        g

For all MX records found for any of these names, if any of the FQDNs
in any of the MX records resolve to the IP address of the SMTP client
in question, then you know that it is an ``intentional mail server''.
Otherwise, it probably isn't.

My own outgoing mail server... and MANY others... would pass this simple
test, because it greets via `HELO mail.monkeys.com', and if you look for
MXes associated with these FQDNs:

        mail.monkeys.com
        monkeys.com
        com

you will find that the FQDN `monkeys.com' has one, and that it resolves
to the IP address of my outgoing mail server.  Case closed!  My mail server
_is_ a mail server, and it is a mail server NOT accidentally, but by my
explicit intent.

OK, now somebody will ask:  ``What about this thing that just greeted my
incoming mail server as `imo-97.mx.aol.com'?  That is an outbound-only
server for a MAJOR domain and all of the given domain's _inbound_ MXs
are at totally different IP addresses.''

No problem.  We just have to figure out some inducement to get AOL
to create a (pseudo) MX record for the FQDN `imo-97.mx.aol.com'...
something like `pseudo-mx.imo-97.mx.aol.com', and then define an
A record for that that points, specifically, to the `imo-97.mx.aol.com'
server.  If they do that, then they will pass the ``Is this an intentional
mail server'' test also.

One last point:  End-lusers on dynamic dialups _could_ theoretically
pass this test also, *if* they make clever use of one of these
so-called ``dynamic DNS'' services.  But there is an easy way to defeat
such shenanigans.  All you have to do is to force your lookups (first
of the MX records and later of the A records associated with those) 
to require ``authoritative'' answers.  Then check the TTLs in those
answers.  If it is 5 minutes or less, then the guy is on a dynamic
dialup line and is using a dynamic DNS service.  Otherwise, he isn't,
and you can count on that mail server being at that same location
for awhile... probably a long while.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
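The check proposed in the message above, written out as an added example; it is not code from the original post or from monkeys.com. It walks the HELO name up label by label (d.e.f.g, e.f.g, f.g, g), asks for MX records at each step, resolves every MX target to an address, and compares those addresses with the connecting client's IP, then applies the TTL heuristic from the last paragraph (a matching record with a TTL of five minutes or less is reported as a dynamic-DNS host rather than an intentional server). All DNS data is constructed in-line so the example runs offline; the zone contents, the `pseudo-mx.imo-97.mx.aol.com` record and the 192.0.2.x / 198.51.100.x / 203.0.113.x addresses are hypothetical and were chosen to illustrate the cases the post discusses, not to describe any real network.

```python
"""HELO-name -> MX -> A -> client-IP "intentional mail server" check.

Added example for the ASRG post above.  The DNS tables below are
constructed test data, not real zone contents; the address blocks are
the RFC 5737 documentation ranges.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# The post's threshold: an authoritative TTL of 5 minutes or less is
# taken to mean a dynamic-DNS hostname on a dialup/broadband line.
DYNAMIC_TTL_MAX = 300


@dataclass(frozen=True)
class Rr:
    """One answer record: rdata plus the TTL the authoritative server gave."""
    data: str
    ttl: int


# --- Constructed zone data (hypothetical; see the lead-in) -------------
FAKE_MX: Dict[str, List[Rr]] = {
    # The post's own case: HELO mail.monkeys.com, MX found at monkeys.com.
    "monkeys.com": [Rr("mail.monkeys.com.", 86400)],
    # The "pseudo-MX" idea for an outbound-only server at a large provider.
    "imo-97.mx.aol.com": [Rr("pseudo-mx.imo-97.mx.aol.com.", 3600)],
    # That provider's real inbound MX, at a different address.
    "aol.com": [Rr("mailin-01.mx.aol.com.", 3600)],
    # A dynamic-DNS user who published an MX to game the check.
    "dyn.example.net": [Rr("host.dyn.example.net.", 60)],
}
FAKE_A: Dict[str, List[Rr]] = {
    "mail.monkeys.com": [Rr("192.0.2.10", 86400)],
    "pseudo-mx.imo-97.mx.aol.com": [Rr("198.51.100.97", 3600)],
    "mailin-01.mx.aol.com": [Rr("198.51.100.1", 3600)],
    "host.dyn.example.net": [Rr("203.0.113.77", 60)],
}

Lookup = Callable[[str, str], List[Rr]]


def fake_lookup(name: str, rtype: str) -> List[Rr]:
    """Stand-in for an authoritative query. [] means NXDOMAIN/NODATA.

    Replace with a real resolver (querying the zone's own NS so the TTLs
    are authoritative, as the post requires) to use this for real.
    """
    table = FAKE_MX if rtype == "MX" else FAKE_A
    return table.get(name.rstrip(".").lower(), [])


def helo_candidates(helo: str) -> List[str]:
    """d.e.f.g -> [d.e.f.g, e.f.g, f.g, g], exactly the walk the post describes."""
    labels = helo.strip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def classify(helo: str, client_ip: str,
             lookup: Lookup = fake_lookup) -> Tuple[str, Optional[str]]:
    """Classify an SMTP client from its HELO name and connecting IP.

    Returns ("intentional", name) when some MX target for one of the
    candidate names resolves to client_ip with a stable TTL,
    ("dynamic", name) when it resolves but the MX or A TTL is at or
    below DYNAMIC_TTL_MAX, and ("unknown", None) when nothing matches.
    A forged HELO does not help the sender: the match is on the
    address the *named* domain publishes, not on the name itself.
    """
    for name in helo_candidates(helo):
        for mx in lookup(name, "MX"):
            for a in lookup(mx.data, "A"):
                if a.data != client_ip:
                    continue
                if min(mx.ttl, a.ttl) <= DYNAMIC_TTL_MAX:
                    return ("dynamic", name)
                return ("intentional", name)
    return ("unknown", None)


if __name__ == "__main__":
    for helo, ip in [("mail.monkeys.com", "192.0.2.10"),
                     ("imo-97.mx.aol.com", "198.51.100.97"),
                     ("imo-97.mx.aol.com", "198.51.100.55"),
                     ("host.dyn.example.net", "203.0.113.77"),
                     ("mail.monkeys.com", "203.0.113.77")]:
        print(f"HELO {helo:<24} from {ip:<16} -> {classify(helo, ip)}")
```

Two things the post leaves implicit that the code makes visible: the walk deliberately continues all the way to the bare TLD, so a production version would want to stop at the public-suffix boundary to avoid pointless queries, and the TTL test only means anything if the answers really are authoritative, since a caching resolver returns decremented TTLs that can look "dynamic" by accident.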