[Mimedefang] OT: DNS sanity check

Les Mikesell les at futuresource.com
Thu Jul 5 18:49:32 EDT 2007


John Rudd wrote:

>>> In other words, lazy sysadmins and/or ignorant management above the 
>>> sysadmins that keeps the sysadmins from doing the right thing. 
>>
>> Yes, something I'd expect at a lot of businesses whose primary 
>> business is not being an ISP, but where a large amount of legitimate 
>> email will originate.
> 
> Businesses which do this are the equivalent of businesses whose primary 
> marquee or sign is written in crayon on cardboard.
> 
> Do you buy your server equipment from businesses which look/act that 
> unprofessional?

Buy?  Don't you have a service or something of value that you provide 
yourself?

> I'm certainly not interested in dealing with rinky-dink operations like 
> that.

Even as a customer/client?  Does everyone who should be receiving the 
mail you are rejecting feel that way?

>>> a) hosts that aren't being properly managed, and thus are likely 
>>> targets for exploits such as spambots and virusbots, or
>>
>> But these are most likely on ISP managed connections.
> 
> I'm not sure what relevance that comment has.  It doesn't matter to me 
> whether it's an ISP managed address, a government managed address, an 
> edu managed address, a large business managed address, etc.  What 
> matters is whether or not it's poorly managed, and thus a predictor for 
> being exploitable, and thus a predictor of having been exploited.

Do you actually have a substantially higher spam ratio from sites that 
fail this test _before_ you add the 5 points?

> _Who_ is poorly managing it is pretty much a non-issue.

No, I think the well-managed addresses will be the ISP handoffs to 
individuals which will be the poorly managed hosts, and the ones that 
fail the test will be businesses that know more about computers than the 
internet.

>>> b) hosts that aren't supposed to be sending email out of their own 
>>> domain at all (the hosts that don't have PTR records, or matching PTR 
>>> and DNS records, and aren't in the mismanaged category, probably 
>>> weren't intended to be talking to the outside world at all).
>>
>> And these will be NATed at an ISP-managed gateway.
> 
> If that were true, I wouldn't be getting the results I get.

I think the results you get will depend very much on the reasons small 
businesses or individuals there might have to send email to your domain.

-- 
    Les Mikesell
     lesmikesell at gmail.com
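
The measurement asked about above, as an added example that is not part of the original thread and is not MIMEDefang's or either poster's code: a check for a missing PTR record or PTR and forward records that don't match, tallied against spam verdicts reached before any DNS penalty is added. The function names, the resolver hooks and the sample data are assumptions constructed for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver; [] when there is none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA addresses for name from the system resolver; [] on failure."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def dns_sanity(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return 'ok', 'no_ptr' or 'mismatch' for a connecting relay address."""
    client = ipaddress.ip_address(ip)
    names = ptr_lookup(ip) or []
    if not names:
        return "no_ptr"
    for name in names:
        for addr in forward_lookup(name.rstrip(".")) or []:
            try:
                if ipaddress.ip_address(addr) == client:
                    return "ok"      # some PTR name resolves back to the client
            except ValueError:
                continue             # resolver returned something unparsable
    return "mismatch"

def spam_ratio_by_result(log, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """log: (relay_ip, is_spam) pairs, is_spam decided without the DNS penalty."""
    counts = {}
    for ip, is_spam in log:
        result = dns_sanity(ip, ptr_lookup, forward_lookup)
        total, spam = counts.get(result, (0, 0))
        counts[result] = (total + 1, spam + int(is_spam))
    return {result: spam / total for result, (total, spam) in counts.items()}

# Constructed sample data (documentation address ranges), not measurements.
SAMPLE_PTR = {"192.0.2.10": ["mail.example.com."], "192.0.2.20": ["host20.example.net"]}
SAMPLE_FWD = {"mail.example.com": ["192.0.2.10"], "host20.example.net": ["198.51.100.7"]}
SAMPLE_LOG = ([("192.0.2.10", False)] * 3 + [("192.0.2.10", True), ("192.0.2.20", True),
              ("192.0.2.20", False), ("192.0.2.30", False)] + [("192.0.2.30", True)] * 3)

if __name__ == "__main__":
    print(spam_ratio_by_result(SAMPLE_LOG, SAMPLE_PTR.get, SAMPLE_FWD.get))
```

Run against a real mail log, the per-category ratios only mean something if the spam verdict comes from scoring that excludes the DNS penalty itself.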


