ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Asrg] RDynamic addresses

2006-01-27 06:00:24
from [Daniel Feenberg] [Permanent Link] 


On Thu, 26 Jan 2006, Walter Dnes wrote:


  If my rules reject the 1st time, they end up rejecting all 3 or 15 or
50 attempts.  The rejection is usually due to rDNS that smells dynamic,
or total lack of rDNS.



If I may pick up on this point and change the subject a bit ...

The spam bucket for some mailing lists we maintain here at nber.org has
accumulated uncounted messages from 6,491 unique connecting IP
addresses. This count is after filtering by Spamhaus and MAPS - we want
to learn the marginal effectiveness of further filtering. given that we
already do some easily justified filtering.  (see
http://www.nber.org/sys-admin/dnsbls-compared.html for my
justification).

Of these only 874 (13%) had an existing RDNS that did not reek of dynamic
assignment. That is, did not include the strings "dsl", "dynamic", "dial"
or "pool" and did not have any all-digit components.

So by adding that test, it looks like we could dramatically reduce the
remaining spam burden we face. But I wonder why the DNSBLs don't do that.
I have seen the suggestion that many legitimate mailservers have such
addresses. Is this really true? I never see them in my own incoming mail,
and I don't have access to a more general sample of known good mail. Can
anyone here cite specific legitimate MTAs that have such addresses?
Presumably if you reject dynamic sounding addresses, then you have a
whitelist for some MTAs. Would you care to characterize it, or post it? Is
it all individuals hosting their own mail server, or do some firms and
ISPs make this mistake? 

Every week on NANAE there seem to be several operators of such MTAs
posting queries about why they are blocked, but those people seem to be
individual hobbyists worried that their ISP is reading their mail, and I
don't know if they persist or give up.

We haven't checked for matching forward and reverse DNS, that seems to
harsh for us (although I applaud anyone else doing so).

So, how does it work for you?

Daniel Feenberg




_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Asrg] Spammers probing for whitelisted addresses?, Walter Dnes
Next by Date:  [Asrg] Re: RDynamic addresses, Frank Ellermann
Previous by Thread:  [Asrg] Spammers probing for whitelisted addresses?, Walter Dnes
Next by Thread:  [Asrg] Re: RDynamic addresses, Frank Ellermann
Indexes:  [Date] [Thread] [Top] [All Lists]