[Mimedefang] OT: DNS sanity check
Les Mikesell
les at futuresource.com
Thu Jul 5 18:49:32 EDT 2007
John Rudd wrote:
>>> In other words, lazy sysadmins and/or ignorant management above the
>>> sysadmins that keeps the sysadmins from doing the right thing.
>>
>> Yes, something I'd expect at a lot of businesses whose primary
>> business is not being an ISP, but where a large amount of legitimate
>> email will originate.
>
> Businesses which do this are the equivalent of businesses whose primary
> marquee or sign is written in crayon on cardboard.
>
> Do you buy your server equipment from businesses which look/act that
> unprofessional?

Buy? Don't you have a service or something of value that you provide
yourself?

> I'm certainly not interested in dealing with rinky-dink operations like
> that.

Even as a customer/client? Does everyone who should be receiving the
mail you are rejecting feel that way?

>>> a) hosts that aren't being properly managed, and thus are likely
>>> targets for exploits such as spambots and virusbots, or
>>
>> But these are most likely on ISP managed connections.
>
> I'm not sure what relevance that comment has. It doesn't matter to me
> whether it's an ISP managed address, a government managed address, an
> edu managed address, a large business managed address, etc. What
> matters is whether or not it's poorly managed, and thus a predictor for
> being exploitable, and thus a predictor of having been exploited.

Do you actually have a substantially higher spam ratio from sites that
fail this test _before_ you add the 5 points?

> _Who_ is poorly managing it is pretty much a non-issue.

No, I think the well-managed addresses will be the ISP handoffs to
individuals which will be the poorly managed hosts, and the ones that
fail the test will be businesses that know more about computers than the
internet.

>>> b) hosts that aren't supposed to be sending email out of their own
>>> domain at all (the hosts that don't have PTR records, or matching PTR
>>> and DNS records, and aren't in the mismanaged category, probably
>>> weren't intended to be talking to the outside world at all).
>>
>> And these will be NATed at an ISP-managed gateway.
>
> If that were true, I wouldn't be getting the results I get.

I think the results you get will depend very much on the reasons small
businesses or individuals there might have to send email to your domain.

--
Les Mikesell
lesmikesell at gmail.com
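
Added example, not part of the message above and not MIMEDefang code: one way to run the DNS sanity check debated in this thread (no PTR record, or PTR and forward records that do not match) and to measure the spam ratio per result before any score is added. The function names, the three result labels and the sample data are assumptions made up for illustration; the addresses come from documentation ranges.

```python
import ipaddress
import socket

def _system_ptr(ip):
    """PTR names for ip via the system resolver (empty list when none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def _system_forward(name):
    """A/AAAA addresses for name via the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def dns_sanity(ip, ptr_lookup=_system_ptr, forward_lookup=_system_forward):
    """Return 'no_ptr', 'mismatch' or 'pass' for a connecting relay IP."""
    want = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "no_ptr"
    for name in names:
        for addr in forward_lookup(name):
            try:
                # Strip any IPv6 zone id before comparing addresses.
                if ipaddress.ip_address(addr.split("%")[0]) == want:
                    return "pass"
            except ValueError:
                continue
    return "mismatch"

def spam_ratio_by_result(messages, **lookups):
    """messages: (relay_ip, is_spam) pairs labelled independently of the DNS score."""
    counts = {}
    for ip, is_spam in messages:
        bucket = counts.setdefault(dns_sanity(ip, **lookups), [0, 0])
        bucket[0] += is_spam
        bucket[1] += 1
    return {result: spam / total for result, (spam, total) in counts.items()}

# Constructed sample data: hypothetical names, documentation address ranges.
PTR = {"192.0.2.10": ["mail.example.com"], "198.51.100.7": ["host7.example.net"]}
FWD = {"mail.example.com": ["192.0.2.10"], "host7.example.net": ["198.51.100.99"]}
SAMPLE = [("192.0.2.10", False), ("192.0.2.10", False), ("192.0.2.10", True),
          ("198.51.100.7", True), ("198.51.100.7", False),
          ("203.0.113.5", True), ("203.0.113.5", True)]

def demo():
    return spam_ratio_by_result(SAMPLE, ptr_lookup=lambda ip: PTR.get(ip, []),
                                forward_lookup=lambda n: FWD.get(n, []))
```

The spam labels fed to `spam_ratio_by_result` must come from a source that does not already include the DNS score, otherwise the ratio only measures the score itself.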