spf-discuss

RE: [spf-discuss] Newcomer question - email admin perspective

2007-01-02 15:36:04
On Tue, 2 Jan 2007, Seth Goodman wrote:

Stuart D. Gathman wrote on Tuesday, January 02, 2007 12:25 PM -0600:

In fact, even without an SPF record, if the HELO resolves to the
connect IP, you can be certain that the connect IP was authorized
to use that HELO by the DNS admin for the HELO domain.  Reverse
DNS doesn't add anything.

It indicates control over the IP.  Domains can be throwaway, but IPs
are not.  If someone owns a zombie at a given IP address, they can then
publish SPF for their throwaway domain designating the zombie's IP.
Depending on the registrar, you only need a day or so for the DNS
information to propagate.  Unless you reject for a dynamic IP, this
tactic is hard to beat.  If you do accept connections from dynamic IPs,
the only clue is that the domain has no reputation.  You could rate
limit them until they develop a positive reputation, though the cost of
throwaway domains is low enough that it may still be worthwhile.

The problem is that the admin of an MTA does *not* have control over the IP,
the ISP does.  Unless you are a huge enterprise with a class C or bigger
IP range.

I have yet to meet a zombie with a valid HELO.  The problem is that you
would need to provide an A record for every zombie in the field.  That,
among other things, makes your list of zombies public.  
You are probably thinking of SPF, where the spammer can publish something
like "v=spf1 +all", but somewhat obfuscated.  I am talking about
plain old RFC2822 HELO, where the HELO name resolves to the connect IP.

So, I repeat my assertion.  Checking rDNS does not help prevent zombies or
spammers.

Checking HELO does.  Checking rDNS, furthermore, discriminates against
small companies who do not own a class C IP range, and no competent
ISP is available other than via dialup (too slow) and T1 (too expensive).

Although, as most of the rDNS checking is done by huge enterprises who
could care less about small companies, I think ultimately us small
companies will have to rent a virtual server somewhere for $20/mo with
working rDNS to handle email.  Sigh.  Yet another cost of spam.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
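The two checks argued over in this thread, written out side by side as an added example (this is not code from the thread or from any SPF implementation): a HELO forward check that asks whether an A record of the HELO name equals the connecting IP, and a forward-confirmed reverse-DNS check that walks PTR then A. The DNS answers are a constructed in-memory fixture so the script runs offline; the host names, addresses and the `lookup_a`/`lookup_ptr` resolver hooks are assumptions, and a real MTA would call its resolver in their place. The fixture deliberately includes a host (`mx.example.net`) whose HELO forward-confirms although it has no PTR at all, the case the reply above is concerned with.

```python
"""Added example: SMTP HELO forward check beside a forward-confirmed rDNS check.
All DNS data below is a constructed fixture, not real zone data."""
import ipaddress
import re
from typing import Callable, Iterable, List

# Constructed fixture standing in for the DNS. A real MTA queries its resolver.
FAKE_A = {
    "mail.example.com": ["192.0.2.10"],
    "mx.example.net": ["198.51.100.5", "198.51.100.6"],   # no PTR below: rDNS check fails
}
FAKE_PTR = {
    "192.0.2.10": ["mail.example.com"],
    "203.0.113.7": ["dsl-203-0-113-7.isp.example"],        # generic ISP name, no matching A
}


def lookup_a(name: str) -> List[str]:
    """Assumed resolver hook: A records for a name (case-insensitive, trailing dot ok)."""
    return FAKE_A.get(name.lower().rstrip("."), [])


def lookup_ptr(ip: str) -> List[str]:
    """Assumed resolver hook: PTR names for an address."""
    return FAKE_PTR.get(ip, [])


# Dotted host name: one or more labels followed by an alphabetic top-level label.
_HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\.?$", re.I)


def helo_is_plausible_fqdn(helo: str) -> bool:
    """Syntactic gate only. Bare words ("localhost") and address literals
    ("[203.0.113.7]") are legal SMTP but carry no DNS-backed claim about the IP."""
    return bool(_HOSTNAME.match(helo))


def helo_matches_connect_ip(helo: str, connect_ip: str,
                            resolve_a: Callable[[str], Iterable[str]] = lookup_a) -> bool:
    """True when an A record of the HELO name equals the connecting IP, i.e. the DNS
    admin of the HELO domain has published that this IP may use that name."""
    if not helo_is_plausible_fqdn(helo):
        return False
    try:
        ip = ipaddress.ip_address(connect_ip)
    except ValueError:
        return False
    return any(ipaddress.ip_address(a) == ip for a in resolve_a(helo))


def rdns_forward_confirmed(connect_ip: str,
                           resolve_ptr: Callable[[str], Iterable[str]] = lookup_ptr,
                           resolve_a: Callable[[str], Iterable[str]] = lookup_a) -> bool:
    """True when some PTR name of the IP resolves back to that same IP (FCrDNS).
    This depends on the IP owner (usually the ISP), not on the HELO domain's admin."""
    try:
        ip = ipaddress.ip_address(connect_ip)
    except ValueError:
        return False
    for name in resolve_ptr(connect_ip):
        if any(ipaddress.ip_address(a) == ip for a in resolve_a(name)):
            return True
    return False


def evaluate_session(helo: str, connect_ip: str) -> dict:
    """Both verdicts for one SMTP session, so a policy can weigh them separately."""
    return {"helo_ok": helo_matches_connect_ip(helo, connect_ip),
            "rdns_ok": rdns_forward_confirmed(connect_ip)}


if __name__ == "__main__":
    # Constructed sessions: genuine host, host without PTR, mismatched HELO, address literal.
    for helo, ip in [("mail.example.com", "192.0.2.10"),
                     ("mx.example.net", "198.51.100.5"),
                     ("mail.example.com", "203.0.113.7"),
                     ("[203.0.113.7]", "203.0.113.7")]:
        print(f"HELO {helo:<20} from {ip:<14} -> {evaluate_session(helo, ip)}")
```

The `mx.example.net` session is the one to look at: `helo_ok` is true because the HELO domain's own DNS vouches for the IP, while `rdns_ok` is false because nobody published a PTR for it, which is exactly the small-company situation the message describes. Treating the two results as independent signals, rather than requiring rDNS, avoids rejecting that host.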

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/