At 1:56 PM -0500 11/19/04, Gary(_dot_)Allmond(_at_)do(_dot_)treas(_dot_)gov imposed
structure on a stream of electrons, yielding:
Reading the above mentioned draft, may I play Devil's Advocate for a minute?
First, let me preface that I am new to the group. Forgive any stupid
comments that I may make and credit them to ignorance.
My comment regards 2, the DNS entry. Knowing that spammers are
thinking of ways to get around blocks, is the following a possible
scenario?
If the IP number is: 192.2.2.3, with a domain of "bad.example.com",
the DNS entry would be: 3.2.2.192.bad.example.com. I understand that
without a problem. Suppose, just for grins (or panic), that the
spammer adds lower level domains and has a domain name of:
4.5.6.192.bad.example.com. Keeping the IP number from the example
above, the DNS entry would be: 3.2.2.192.4.5.6.192.bad.example.com.
Would this pose a problem? I know that this may be a wild scenario,
but think about some of the e-mail addresses that are used for Spam
now, this may not be that outrageous.
I think you've misunderstood the document's description of DNSBL
entries. DNSBL's are not (generally) run by spammers, but by people
providing identification of network space used by spammers and
sometimes to do other things like identifying address space owned by
particular netowrk operators or allocated into particular countries.
DNSBL entries do not exist underneath a spammer's DNS zone, but under
a zone controlled by the DNSBL operator. Using an existing DNSBL as
an example, the entries in the Spamhaus XBL look like
"3.2.2.192.xbl.spamhaus.org." A DNSBL entry is completely unrelated
to what the reverse DNS (i.e. PTR record under in-addr.arpa) for an
IP address is.
--
Bill Cole
bill(_at_)scconsult(_dot_)com
Clues for the blacklisted: http://www.scconsult.com/bill/dnsblhelp.html
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg