[Mimedefang] OT: DNS sanity check

Les Mikesell les at futuresource.com
Thu Jul 5 16:43:14 EDT 2007


John Rudd wrote:

>> The ones that will fail are the connections to businesses where the 
>> delegations are made to servers that don't bother to maintain a 
>> meaningless name for this association and for one reason or another 
>> the meaningful name is changed or never set up to match.
> 
> In other words, lazy sysadmins and/or ignorant management above the 
> sysadmins that keeps the sysadmins from doing the right thing. 

Yes, something I'd expect at a lot of businesses whose primary business 
is not being an ISP, but where a large amount of legitimate email will 
originate.

> Bringing 
> into question what other inadequate practices they have, such as things 
> that might allow them to be an open relay, or compromised entirely to be 
> used as some other form of inappropriate traffic.

That's not so much the question as whether you are interested in the 
mail from the individuals at these locations.

>> Yes, I guess that's correct for this particular situation.  And easily 
>> handled by the delegated server for the IP range if he is willing to 
>> match it up with a meaningless name in a forward domain that he also 
>> controls - without any regard to the actual use of the address or real 
>> domain of the host(s) involved.  A real spammer would be sure to get 
>> this right...
>>
> 
> A real spammer doesn't have control over this when it comes to botnets, 
> which are the hosts that are in question:

A real spammer will have thousands of bots at his disposal and the 
ability to send rejected attempts through a different source.

> a) hosts that aren't being properly managed, and thus are likely targets 
> for exploits such as spambots and virusbots, or

But these are most likely on ISP managed connections.

> b) hosts that aren't supposed to be sending email out of their own 
> domain at all (the hosts that don't have PTR records, or matching PTR 
> and DNS records, and aren't in the mismanaged category, probably weren't 
> intended to be talking to the outside world at all).

And these will be NATed at an ISP-managed gateway.

-- 
   Les Mikesell
    lesmikesell at gmail.com
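
The check debated in this thread (look up the PTR for the connecting IP, then confirm that the returned name resolves back to that IP), as an added example that is not part of the original post or of MIMEDefang. The zone tables are constructed, use documentation address ranges, and stand in for real DNS lookups so the code runs offline; all names in it are hypothetical.

```python
import ipaddress

# Constructed zone data (RFC 5737 documentation ranges); not real hosts.
PTR = {
    "192.0.2.10": ["mail.example.com."],             # PTR and A agree
    "198.51.100.7": ["host7.oldname.example.net."],  # name changed, PTR left stale
    "203.0.113.55": ["NAT-55.pool.isp.example."],    # generic ISP name, kept in sync
    # 203.0.113.99 has no PTR record at all
}
A = {
    "mail.example.com": ["192.0.2.10"],
    "nat-55.pool.isp.example": ["203.0.113.55"],
    # host7.oldname.example.net no longer resolves
}

def _norm(name):
    """DNS names compare case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def table_ptr(ip):
    return PTR.get(ip, [])

def table_addr(name):
    return A.get(_norm(name), [])

def fcrdns(ip, ptr_lookup=table_ptr, addr_lookup=table_addr):
    """Return (verdict, name); verdict is 'no-ptr', 'mismatch' or 'match'."""
    client = ipaddress.ip_address(ip)
    names = [_norm(n) for n in ptr_lookup(str(client))]
    if not names:
        return ("no-ptr", None)
    for name in names:                 # an IP may carry several PTR names
        for addr in addr_lookup(name):
            try:
                if ipaddress.ip_address(addr) == client:
                    return ("match", name)
            except ValueError:         # skip malformed address data
                continue
    return ("mismatch", None)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.55", "203.0.113.99"):
        print(ip, *fcrdns(ip))
```

The verdict reflects only whether the two records agree: the generic ISP pool name yields `match`, while the stale name yields `mismatch`.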



