Re: The anti-abuse rDNS check that FTP gave up

2011-10-05 13:00:57

On 05/Oct/11 16:35, Keith Moore wrote:
> On Oct 5, 2011, at 10:23 AM, Murray S. Kucherawy wrote:
>> -----Original Message-----
>> From: On Behalf Of Rosenwald, Jordan
>>
>>> True statement on both accounts.  I'd add to it, that invalid rDNS is
>>> still a viable anti-abuse mechanism.  There are plenty of compromised
>>> machine operators that are "asleep at the wheel."  Checking rDNS
>>> scrapes off that chaff.
>>
>> I generally agree, but implementing it on my small site with only
>> a handful of users did lead to a number of false positive
>> complaints that then needed to be handled.
>>
>> It's probably not a good idea to standardize such a practice
>> (yet?), but it does seem like a useful tool to have around.
>
> IMO, any time you're basing an abuse test on something that is
> fundamentally irrelevant, it's of short-term value at best.  rDNS
> is such a check.

The most relevant obstacle seems to be caused by uncooperative network
providers that don't set PTR RRs.  Whether they do so for some savings
or because they are "asleep at the wheel", they can afford evading
that setup because there is low market pressure for it.

Mailbox providers never had to look for some specially cooperative
kind of ISP in order to set up a reliable MTA.  However, it seems that
there will be a relatively short period of time during which network
providers will mainly do IPv6, while MTAs will still need IPv4
addresses.  During such a period, mailbox providers will have to look
for some special kind of ISP anyway.  After all, IPv4's scarceness
should increase their value, but such niche-market pressure will be
different.  Am I wrong?
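
Added example, not part of the original thread: a sketch of the rDNS test under discussion, assuming it means a forward-confirmed reverse DNS lookup, which the messages above do not spell out. It separates the missing-PTR case (the uncooperative-provider problem) from a PTR that does not map back, and shows scoring rather than rejecting as one way to limit false positives; the lookup tables, function names and policy labels are constructed for illustration.

```python
import ipaddress

# Constructed sample data standing in for DNS answers (documentation ranges).
PTR = {
    "192.0.2.10": ["mail.example.org."],
    "192.0.2.20": ["host20.example.net."],
    "2001:db8::25": ["mx.example.com."],
}
FORWARD = {
    "mail.example.org.": ["192.0.2.10"],
    "host20.example.net.": ["198.51.100.7"],       # does not map back
    "mx.example.com.": ["2001:db8:0:0:0:0:0:25"],  # same address, expanded form
}

def lookup_ptr(ip):
    """Hypothetical resolver hook: PTR names for an address (empty if none)."""
    return PTR.get(ip, [])

def lookup_addr(name):
    """Hypothetical resolver hook: A/AAAA addresses for a name (empty if none)."""
    return FORWARD.get(name, [])

def classify_rdns(client_ip, ptr=lookup_ptr, addr=lookup_addr):
    """Return 'confirmed', 'unconfirmed' or 'no_ptr' for a connecting client."""
    ip = ipaddress.ip_address(client_ip)       # normalises IPv4 and IPv6 text
    names = ptr(str(ip))
    if not names:
        return "no_ptr"                        # provider never set a PTR RR
    for name in names:
        for candidate in addr(name):
            try:
                if ipaddress.ip_address(candidate) == ip:
                    return "confirmed"         # PTR name resolves back to client
            except ValueError:
                continue                       # ignore malformed answers
    return "unconfirmed"                       # PTR exists but does not map back

def action(result, strict=False):
    """Map a classification to a policy label; strict mode rejects outright."""
    if result == "confirmed":
        return "accept"
    return "reject" if strict else "accept_with_score"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.99", "2001:0db8::0025"):
        r = classify_rdns(ip)
        print(ip, r, action(r), action(r, strict=True))
```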