ietf-smtp
[Top] [All Lists]

The anti-abuse rDNS check that FTP gave up

2011-09-23 14:04:59

Hi all!

I recall several FTP servers used to deny anonymous access to clients
calling from IP numbers without rDNS record.  Perhaps it was the
default configuration of some package.

Most SMTP servers duly lookup the client's IP and annotate the
resulting name as comment in Received fields.  However, I don't recall
denying SMTP access based on the "iprev" test (as RFC 5451 named it.)
 Was it ever à la mode to do so?

The reason why I'm asking is to estimate the effectiveness of an
"arpa-whitelist".  This would be a DNS domain similar in structure to
in-addr.arpa, except that its content would be derived from
abuse-contact data of RIRs' whois databases.  For example,

   192.0.2.3.abuse-contact.arpa. TXT "abuse(_at_)example(_dot_)com"

That way, abuse-contact.arpa can work as a "quick fix using DNS" for a
functionality that various whois++, rwhois, and crisp/iris failed to
provide.  And it can also work as a whitelist, to exclude a number of
questionable assignments.  Whois settings are less sensitive to
occasional name changes than rDNS.  Thus, an arpa-whitelist might work
a bit better than iprev.

For IPv6, the whitelist of mailers at http://www.ipv6whitelist.eu/
didn't spread beyond the Netherlands.  Would hosting at arpa have
bestowed a better fate upon it?

<Prev in Thread] Current Thread [Next in Thread>