[Top] [All Lists]

Re: The anti-abuse rDNS check that FTP gave up

2011-10-05 09:46:47

On Oct 5, 2011, at 10:23 AM, Murray S. Kucherawy wrote:

-----Original Message-----
From: owner-ietf-smtp(_at_)mail(_dot_)imc(_dot_)org 
[mailto:owner-ietf-smtp(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of 
Rosenwald, Jordan
Sent: Wednesday, October 05, 2011 6:40 AM
To: SMTP Interest Group
Subject: RE: The anti-abuse rDNS check that FTP gave up

True statement on both accounts.  I'd add to it, that invalid rDNS is
still a viable anti-abuse mechanism.  There are plenty of compromised
machine operators that are "asleep at the wheel."  Checking rDNS
scrapes off that chaff.

I generally agree, but implementing it on my small site with only a handful 
of users did lead to a number of false positive complaints that then needed 
to be handled.

It's probably not a good idea to standardize such a practice (yet?), but it 
does seem like a useful tool to have around.

IMO, any time you're basing an abuse test on something that is fundamentally 
irrelevant, it's of short-term value at best.  rDNS is such a check.