[Mimedefang] OT: DNS sanity check
Les Mikesell
les at futuresource.com
Thu Jul 5 16:43:14 EDT 2007
John Rudd wrote:
>> The ones that will fail are the connections to businesses where the
>> delegations are made to servers that don't bother to maintain a
>> meaningless name for this association and for one reason or another
>> the meaningful name is changed or never set up to match.
>
> In other words, lazy sysadmins and/or ignorant management above the
> sysadmins that keeps the sysadmins from doing the right thing.
Yes, something I'd expect at a lot of businesses whose primary business
is not being an ISP, but where a large amount of legitimate email will
originate.
> Bringing
> into question what other inadequate practices they have, such as things
> that might allow them to be an open relay, or compromised entirely to be
> used as some other form of inappropriate traffic.
That's not so much the question as whether you are interested in the
mail from the individuals at these locations.
>> Yes, I guess that's correct for this particular situation. And easily
>> handled by the delegated server for the IP range if he is willing to
>> match it up with a meaningless name in a forward domain that he also
>> controls - without any regard to the actual use of the address or real
>> domain of the host(s) involved. A real spammer would be sure to get
>> this right...
>>
>
> A real spammer doesn't have control over this when it comes to botnets,
> which are the hosts that are in question:
A real spammer will have thousands of bots at his disposal and the
ability to send rejected attempts through a different source.
> a) hosts that aren't being properly managed, and thus are likely targets
> for exploits such as spambots and virusbots, or
But these are most likely on ISP managed connections.
> b) hosts that aren't supposed to be sending email out of their own
> domain at all (the hosts that don't have PTR records, or matching PTR
> and DNS records, and aren't in the mismanaged category, probably weren't
> intended to be talking to the outside world at all).
And these will be NATed at an ISP-managed gateway.
--
Les Mikesell
lesmikesell at gmail.com
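
Added example, not part of the original message or of MIMEDefang: a sketch of the PTR/forward-match check this thread is debating, run against constructed DNS tables so it works offline. The function names, hostnames and addresses are illustrative assumptions. It shows the three outcomes discussed above, including that a generic but consistently maintained name passes.

```python
import ipaddress

# Constructed sample DNS data (documentation address ranges, example domains).
PTR = {
    "192.0.2.10": ["mail.example.com"],
    "192.0.2.20": ["host-20.pool.example.net"],  # generic name, kept consistent
    "198.51.100.5": ["mail.example.org"],        # forward record points elsewhere
}
FWD = {
    "mail.example.com": ["192.0.2.10"],
    "host-20.pool.example.net": ["192.0.2.20"],
    "mail.example.org": ["198.51.100.99"],
}

def static_resolver(ptr, fwd):
    """Build lookup functions over in-memory tables (hypothetical helper)."""
    def lookup_ptr(ip):
        return ptr.get(ip, [])
    def lookup_addr(name):
        return fwd.get(name.lower().rstrip("."), [])
    return lookup_ptr, lookup_addr

def fcrdns(ip, lookup_ptr, lookup_addr):
    """Classify a connecting address as 'no-ptr', 'mismatch' or 'pass'.

    Returns (verdict, names) where names are the PTR names whose forward
    lookup includes the connecting address.
    """
    addr = ipaddress.ip_address(ip)
    names = lookup_ptr(str(addr))
    if not names:
        return "no-ptr", []
    confirmed = []
    for name in names:
        for candidate in lookup_addr(name):
            try:
                if ipaddress.ip_address(candidate) == addr:
                    confirmed.append(name.lower().rstrip("."))
                    break
            except ValueError:
                continue  # ignore malformed address data in the answer
    return ("pass" if confirmed else "mismatch"), confirmed

LOOKUP_PTR, LOOKUP_ADDR = static_resolver(PTR, FWD)
```
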