On Mon, 29 Jan 2007, Daniel Taylor wrote:
This is a precaution against DNS spoofing the sending system that
interlocks nicely with SPF by assuring that the IP address in question
belongs to who it claims to belong to.
Well, the majority of the 11000 domain forgeries coming into my
system every day have perfectly good rDNS records from big ISPs.
A small sample:
n28 04:03:24 [2934] connect from ips168.greatsolidfoundation.com at
('65.175.92.168', 52989) EXTERNAL
2007Jan28 04:03:24 [2937] connect from 71-13-88-230.static.bycy.mi.charter.com
at ('71.13.88.230', 4019) EXTERNAL DYN
2007Jan28 04:03:24 [2938] connect from us.thecolomergroup.com at
('12.111.136.34', 27661) EXTERNAL
2007Jan28 04:03:24 [2939] connect from cpe-76-179-249-190.maine.res.rr.com at
('76.179.249.190', 3366) EXTERNAL DYN
2007Jan28 04:03:24 [2936] connect from cpe-70-95-190-120.hawaii.res.rr.com at
('70.95.190.120', 20736) EXTERNAL DYN
I am guessing that this policy is a reaction against groups that blacklist
entire IP blocks because of one spamming IP. It sure doesn't help stop
domain forgery.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735