[Mimedefang] OT: DNS sanity check

John Rudd john at rudd.cc
Thu Jul 5 16:12:23 EDT 2007


Les Mikesell wrote:
> The ones that will fail are the 
>  connections to businesses where the delegations are made to servers 
> that don't bother to maintain a meaningless name for this association 
> and for one reason or another the meaningful name is changed or never 
> set up to match.

In other words, lazy sysadmins and/or ignorant management above the 
sysadmins that keeps the sysadmins from doing the right thing.  Bringing 
into question what other inadequate practices they have, such as things 
that might allow them to be an open relay, or compromised entirely to be 
used as some other form of inappropriate traffic.

If you lay with dogs, you get fleas.  Same thing applies here.


>> Well, aside from "is it consistent" (as I laid out), it's not really 
>> much use on its own.  I was just pointing out that you were asking 
>> about mismatches with the wrong pair of lookups.  name->IP->reverse 
>> lookups are far more likely to show a mismatch between the name and 
>> reverse than IP->name->IP lookups will show mismatched IPs.
> 
> Yes, I guess that's correct for this particular situation.  And easily 
> handled by the delegated server for the IP range if he is willing to 
> match it up with a meaningless name in a forward domain that he also 
> controls - without any regard to the actual use of the address or real 
> domain of the host(s) involved.  A real spammer would be sure to get 
> this right...
> 

A real spammer doesn't have control over this when it comes to botnets, 
which are the hosts that are in question:

a) hosts that aren't being properly managed, and thus are likely targets 
for exploits such as spambots and virusbots, or

b) hosts that aren't supposed to be sending email out of their own 
domain at all (the hosts that don't have PTR records, or matching PTR 
and DNS records, and aren't in the mismanaged category, probably weren't 
intended to be talking to the outside world at all).


Direct spam business mail servers aren't the targets of this technique. 
Direct spam businesses are easily covered with things like Spamhaus SBL.
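The two lookup orders discussed in this thread (IP->name->IP, i.e. forward-confirmed reverse DNS, versus name->IP->reverse for a claimed HELO name) as an added example; this is illustration code, not MIMEDefang's own filter logic or anything posted by the participants. It runs offline against a constructed DNS snapshot (`FAKE_ZONE`, invented for the demo) behind a pluggable `resolve(rrtype, owner)` callback, so a real resolver can be substituted; the record names and addresses are documentation-range placeholders, not real hosts.

```python
"""Forward-confirmed reverse DNS checks in both lookup directions.

Example code added for illustration; the DNS data below is constructed."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple
import ipaddress

# A resolver is any callable (rrtype, owner-name) -> list of answer strings.
Resolver = Callable[[str, str], List[str]]


def _fqdn(name: str) -> str:
    """Normalise a DNS name: lower-case with exactly one trailing dot."""
    return name.lower().rstrip(".") + "."


# Constructed DNS snapshot for the demo (not real zone data).
FAKE_ZONE: Dict[Tuple[str, str], List[str]] = {
    # Well-run mail host: PTR and A agree in both directions.
    ("A", "mail.example.net."): ["192.0.2.10"],
    ("PTR", "10.2.0.192.in-addr.arpa."): ["mail.example.net."],
    # Generic ISP reverse name with no forward record at all.
    ("PTR", "77.2.0.192.in-addr.arpa."): ["dsl-192-0-2-77.isp.example."],
    # Hosted box: IP->name->IP is consistent, but the HELO name the
    # sender uses (mx.example.org) is not what the PTR says.
    ("A", "mx.example.org."): ["198.51.100.5"],
    ("PTR", "5.100.51.198.in-addr.arpa."): ["host5.hosting.example."],
    ("A", "host5.hosting.example."): ["198.51.100.5"],
}


def fake_resolve(rrtype: str, owner: str) -> List[str]:
    """Offline stand-in for a DNS query against the constructed snapshot."""
    return FAKE_ZONE.get((rrtype, _fqdn(owner)), [])


def reverse_name(ip: str) -> str:
    """Build the in-addr.arpa / ip6.arpa owner name for an address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


@dataclass
class RdnsResult:
    ip: str
    ptr_names: List[str] = field(default_factory=list)   # names the PTR returned
    confirmed_names: List[str] = field(default_factory=list)  # names whose A hits ip

    @property
    def status(self) -> str:
        if not self.ptr_names:
            return "no-ptr"
        return "confirmed" if self.confirmed_names else "unconfirmed"


def check_ip(ip: str, resolve: Resolver = fake_resolve) -> RdnsResult:
    """IP -> PTR -> A: the classic forward-confirmed reverse DNS test."""
    result = RdnsResult(ip=ip)
    result.ptr_names = [_fqdn(n) for n in resolve("PTR", reverse_name(ip))]
    for name in result.ptr_names:
        if ip in resolve("A", name):
            result.confirmed_names.append(name)
    return result


def check_name(name: str, ip: str, resolve: Resolver = fake_resolve) -> str:
    """name -> A -> PTR: does a claimed (e.g. HELO) name resolve to the
    connecting IP, and does that IP's PTR point back at the same name?"""
    name = _fqdn(name)
    if ip not in resolve("A", name):
        return "name-does-not-resolve-to-ip"
    ptrs = [_fqdn(n) for n in resolve("PTR", reverse_name(ip))]
    return "consistent" if name in ptrs else "reverse-mismatch"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.77", "203.0.113.9", "198.51.100.5"):
        r = check_ip(ip)
        print(f"{ip:15} IP->name->IP : {r.status:12} ptr={r.ptr_names}")
    for helo, ip in (("mail.example.net", "192.0.2.10"),
                     ("mx.example.org", "198.51.100.5")):
        print(f"{helo:18} name->IP->rev: {check_name(helo, ip)}")
```

The 198.51.100.5 case is the point John makes above: the IP->name->IP check passes (the hosting provider keeps its own generic PTR and A in step), while the name->IP->reverse check on the HELO name the sender actually presents shows the mismatch. A filter that only does the first check will never see it.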