[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] 0. General - Administrative - for M. Wild

To: "Peter J. Holzer" <hjp-asrg@hjp.at>
Subject: Re: [Asrg] 0. General - Administrative - for M. Wild
From: Brad Knowles <brad.knowles@skynet.be>
Date: Thu, 28 Aug 2003 23:59:29 +0200
Cc: asrg@ietf.org
In-reply-to: <20030828150404.GC16712@teal.hjp.at>
List-archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <6.0.0.14.0.20030827092423.02730f58@solidmatrix.com><1062057632.15835.695.camel@delta.isode.net><20030828150404.GC16712@teal.hjp.at>
Sender: asrg-admin@ietf.org

At 5:04 PM +0200 2003/08/28, Peter J. Holzer wrote:

 Still, I don't think there are many legitimate sites which don't have an
 A record.  Requiring the sender to send a FQDN which resolves to the
 sender's IP address doesn't seem unreasonable to me (even for dynamic
 IP-Addresses, you can use dyndns.net or a similar service).

Check the recent traffic on NANOG. Because of stupidity on the part of AOL, they've been discussing this subject intensively. I've been tagging 75-90% of the recent messages as input for the BCP review.

In short, let me say that I used to think this was a good idea, but my views are in the process of changing. Maybe we could tag and score on the basis of whether or not the sender's IP address has proper reverse DNS (or whether the sender's domain name exists in the DNS and/or in some sense "matches" the IP address of the incoming connection), but I think it would be foolish in the extreme to outright reject messages on this basis.

                                                               In fact,
 looking at my log files this seems to be a very good indicator of
 legitimate mail servers (I checked several weeks of logs some time ago
 and only found one legimitate server which identified itself with an
 unresolvable name (I think the box is NATted).

I'm NAT'ed. Many people on NANOG appear to be in similar situations, or have run into them frequently.

Just because we haven't personally experienced a particular situation doesn't mean that this would necessarily make itself a good target for filtering and outright rejection.

--
Brad Knowles, <brad.knowles@skynet.be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- 7. BCP - Mail Administrators: Checking HELO (was: [Asrg] 0. General - Administrative - for M. Wild)
  - From: Peter J. Holzer

References:
- [Asrg] 0. General - Administrative - for M. Wild
  - From: Yakov Shafranovich
- Re: [Asrg] 0. General - Administrative - for M. Wild
  - From: David Wilson
- Re: [Asrg] 0. General - Administrative - for M. Wild
  - From: Peter J. Holzer

Prev by Date: [Asrg] 6. Proposals - DNSRBLs
Next by Date: Re: [Asrg] 4. Consent Framework - General
Previous by thread: 7. BCP - Mail Administrators (was Re: [Asrg] 0. General - Administrative - for M. Wild)
Next by thread: 7. BCP - Mail Administrators: Checking HELO (was: [Asrg] 0. General - Administrative - for M. Wild)
Index(es):
- Date
- Thread