
Re: [Asrg] Weird reverse DNS resolution might affect spam filters



> 2006-06-23 08:15:09.589901-07:00 [mx] connect(821,localhost,[222.252.168.54]) 1

> Notice the "connect" line -- it appears that reverse DNS is resolving
> the offered IP address to "localhost".  [...]

> In any case, spam detectors who rely on "localhost" as the reverse
> lookup for an IP address as a condition of passing the e-mail are at
> risk of producing false negatives.

Anyone who does anything with untrusted rDNS without making sure it
crosschecks with fDNS is at risk of misfires (either way).

That is, given an address, you do an rDNS lookup and get a set of names
(usually zero or one, but not always).  Do fDNS lookups on those,
resulting in a set of addresses for each one; any which do not include
the original address in their sets should be discarded.  (If this
leaves zero names, well, treat the IP as having no rDNS.)

Anything else is asking for misfires.

I'd almost go so far as to say that if any of the names fail that
crosscheck, they *all* should be discarded (since it implies there is
forgery going on), but the net is not that well run; in addition to
forgery, there are still far too many version skews, mistakes, and
providers that don't bother to set up the one or the other....

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse at rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
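
The rDNS/fDNS crosscheck described in the message above, as an added example that is not part of the original post. The function names and the sample PTR/A tables are constructed for illustration; the lookup functions are injectable so the check can be run offline against the constructed tables or live against the system resolver.

```python
import ipaddress
import socket

# Constructed sample records (not real DNS data). The first entry mirrors the
# quoted log line, where the PTR for the connecting address is "localhost".
SAMPLE_PTR = {
    "222.252.168.54": ["localhost"],
    "192.0.2.10": ["mail.example.org", "forged.example.net"],
}
SAMPLE_A = {
    "localhost": ["127.0.0.1", "::1"],
    "mail.example.org": ["192.0.2.10", "2001:db8::10"],
    "forged.example.net": ["198.51.100.7"],
}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_A.get(name, [])

def system_reverse(ip):
    """Names the system resolver returns for ip (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def system_forward(name):
    """Addresses the system resolver returns for name (empty list if none)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def confirmed_names(ip, reverse=system_reverse, forward=system_forward):
    """Keep only the rDNS names whose forward lookup includes ip."""
    want = ipaddress.ip_address(ip)
    kept = []
    for name in reverse(ip):
        addrs = set()
        for a in forward(name):
            try:
                addrs.add(ipaddress.ip_address(a.split("%")[0]))  # drop zone id
            except ValueError:
                continue  # ignore anything that is not an address literal
        if want in addrs:
            kept.append(name.rstrip(".").lower())
    return kept  # an empty list means: treat the IP as having no rDNS
```

A filter would then apply its hostname rules only to the names `confirmed_names` returns, never to the raw PTR result.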