On Thu, 4 Jan 2007, Seth Goodman wrote:
I don't agree. While HELO is a good spam indicator today, there's no
reason for it to remain that way. If rDNS matches, you know that the
domain has paid for an IP that will quickly become useless if they spam.
The fact that DNSBL's have been successful and that spammers now favor
zombies is an indication that it will make their lives much more
difficult.
This seems to be the root of the problem. This is the SPF list, where
we are trying to shift reputation from IP based to domain based.
Checking rDNS, furthermore, discriminates against small companies
who do not own a class C IP range, and no competent ISP is available
other than via dialup (too slow) and T1 (too expensive).
This is a real concern, and it's the reason why you shouldn't reject for
lack of rDNS match, unless you are prepared to deal with complaints. It
doesn't change the fact that the existence matching rDNS gives you very
good indication that it is _not_ a spammer. Lack of matching rDNS with
no domain reputation doesn't mean that it _is_ a spammer, only that you
may wish to severely rate limit them until they develop a reputation.
All the spam that makes it to content filtering in my system has perfectly
good rDNS. (And typically sends from class C networks to boot.)
I do have a three strikes rule, requiring valid rDNS, valid HELO, or valid
SPF. That way, a competent admin can always email me regardless of whether
their ISP can do rDNS properly.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735