
[Asrg] Weird reverse DNS resolution might affect spam filters



Just noticed something really strange show up in my milter logs:

2006-06-23 08:15:09.589901-07:00 [mx] connect(821,localhost,[222.252.168.54]) 1
2006-06-23 08:15:09.968668-07:00 [mx] helo(821,2g4i9a.oq4ihijo.comcast.net,invalid)
2006-06-23 08:15:10.453522-07:00 [mx] envfrom(821,argv[0]=<kayepenn9v at gardener.com>)
2006-06-23 08:15:10.489847-07:00 [mx] envrcpt(821,argv[0]=<uucp at pixelprocessor.us>)
2006-06-23 08:15:10.829801-07:00 [mx] header(821,Message-ID,<53327639439490.8D11BD6FB3 at OQTQ>)
2006-06-23 08:15:10.869782-07:00 [mx] header(821,From,"Wilda" <RuthieLevyex at cliffhanger.com>)
2006-06-23 08:15:10.909778-07:00 [mx] header(821,To,<uucp at pixelprocessor.us>)
2006-06-23 08:15:10.949778-07:00 [mx] header(821,Subject,Hottest new offer Diplomas Without Exams)
...

Notice the "connect" line -- it appears that reverse DNS is resolving the
offered IP address to "localhost".  samspade.org also reverse DNS's the IP
address to "localhost".  In fact, a sampling of the entire address block
containing the IP address (222.252.0.0/16) indicates that ALL the hosts in
the block are "localhost".  It might be a misconfiguration by Vietnam
Posts and Telecommunications Corp (the owner of the netblock), or a
deliberate configuration.

In any case, spam detectors that rely on "localhost" as the reverse lookup
for an IP address as a condition of passing the e-mail are at risk of
producing false negatives.



_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
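
Added example, not part of the original message or of any milter's own code: a filter-side check that decides "local" from the socket address and only accepts a PTR name when it forward-resolves back to the connecting IP. The SAMPLE_FORWARD table, the function names and the mail.example.org entry are constructed for illustration; a real deployment would call its resolver instead.

```python
import ipaddress

# Constructed forward-DNS data standing in for real A/AAAA lookups (assumption).
SAMPLE_FORWARD = {
    "localhost": ["127.0.0.1", "::1"],
    "mail.example.org": ["192.0.2.25"],
}

def forward_lookup(name, table=SAMPLE_FORWARD):
    """Return the addresses a name resolves to (offline stand-in for a resolver)."""
    key = name.rstrip(".").lower()
    return [ipaddress.ip_address(a) for a in table.get(key, [])]

def classify_client(client_ip, ptr_name, lookup=forward_lookup):
    """Classify a connection from the socket address, never from the PTR name alone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.is_loopback:
        return "local"            # the connection really came from this host
    if not ptr_name:
        return "no-ptr"
    if ip in lookup(ptr_name):
        return "fcrdns-ok"        # PTR name resolves back to the connecting IP
    return "ptr-unconfirmed"      # PTR is only what the netblock owner published

def may_skip_filtering(client_ip, ptr_name, lookup=forward_lookup):
    """Only true loopback connections bypass content checks."""
    return classify_client(client_ip, ptr_name, lookup) == "local"

def naive_skip(ptr_name):
    """The risky rule described in the post: trust the reverse name by itself."""
    return ptr_name == "localhost"

if __name__ == "__main__":
    # Values taken from the connect() log line in the post.
    ip, ptr = "222.252.168.54", "localhost"
    print("naive rule skips filtering:", naive_skip(ptr))
    print("classification:", classify_client(ip, ptr))
    print("hardened rule skips filtering:", may_skip_filtering(ip, ptr))
```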