On Wed, Mar 03, 2004 at 05:05:25PM -0600, Gordon Fecyk wrote:
MTAMARK does this.
Problem: Small ISPs and small to medium enterprises don't control rDNS.
North American ISPs are LAZY in this regard. [1] They won't use RFC 2317 and
in many cases won't bother changing PTR records for you, never mind add new
records to their rDNS zones.
Something has to be changed if we want to get the spam problem under
control. So with everyone running around saying "but this has to be
changed" will not change something especially not the spam problem ;-)))
DNS maintenance is something that is there for years. All you have to do
is revive it a bit for the rDNS tree and as soon as their customer will
not be able to send out email any longer all the lazy ISPs will either
get things going fast or they will loose their customers. It's as easy
as that.
And how often do you change your mailserver? The addresses of our
mailservers (and most of our customers) haven't changed in years.
Another IMHO more grave problem with solutions like e.g. SPF is that
they are too complicated. I'd bet that about 2 percent of our domain
customers will manage it to add correct SPF records to their domains
or even provide relevant information so that we could add it for them
and I don't think this percentage will be much different with other ISPs.
So nothing will change. The big companies that also have possibilities
now to deal with forgeries will be more save and the small/private
customers will suffer from forgeries and as the number of domains with
SPF records will be small none can block non-SPF aware domains without
blocking 99% of legitimate traffic.
[1] This comes from ten years consulting experience. Experiences on
non-North-American ISPs, anyone?
We try to keep our rDNS as accurate as possible. But in Germany there
are a lot of ISPs that think rDNS is kinda obsolete and nobody cares
anyway. So all they come up with is - like in most of North-America and
the rest of the world - they use some fumbled IP address as name in hex,
arabic and some also in latin numbers like
200-232-12-133.hsm.com.br:200.232.12.133
ip-111.net-81-220-35.lyon.rev.numericable.fr:81.220.35.111
adsl-64-109-109-201.dsl.gdrpmi.ameritech.net:64.109.109.201
ip503cd44b.speed.planet.nl:80.60.212.75
dcxxv.pdyn.saunalahti.fi:62.142.69.226
ymccliii.dsl.saunalahti.fi:62.142.153.153
From our experience the statement of Philip Miller (other reply to the same
message) about RIPE is not true.
\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"