mail filtering based on reverse DNS
Cameron Byrne
cb.list6 at gmail.com
Thu Aug 11 17:07:10 CEST 2011
On Aug 11, 2011 3:09 AM, "Mike Jones" <mike at mikejones.in> wrote:
>
> On 11 August 2011 10:15, Erik Kline <ek at google.com> wrote:
> > Certainly I and others have thought of writing our own auto-PTR
> > response generator for delegated reverse zones. I see now that the
> > success of a PTR-verification scheme depends on ISPs *not* doing this
> > for every J. Random Customer.
> >
>
> I personally feel that the era of "all hosts should have meaningless
> reverse DNS" should be left as a historical IPv4 practice and not
> brought forward to IPv6 as the only real benefit such automatic
> records serve is saving you spending 5 seconds doing a whois lookup
+1
I like the idea of reverse only being for systems that are in the legitmate
control of the domain, ie ...not joe random subscriber of an isp.
I do think the lack of reverse helps give reputation information about the
host.
> for find a users ISP, but if you have a reason to look up an IP
> address then you'll do a whois lookup anyway even after looking at the
> hostname. Unfortunately it only takes a few ISPs doing this for other
> people to be forced to accept it. Of course routers (looking at your
> employer here!) and servers should still be set up with proper entries
> as they serve useful diagnostic purposes.
>
+1 this is reverse providing good info that builds reputation.
> Perhaps this needs a multi-stage system, reject mail from hosts with
> no reverse DNS then test for the presence of "mail" or "smtp" etc in
> the hostname and factor this in to spam filters, so
> "185479346345.customer542345.example.net" starts off with a higher
> spam rating than "mail.example.net"?
>
> I am not keen on a requirement that mail servers should be given a
> specific mail-related hostname, however it is a possible solution to
> consider with IPv6 where it is a lot easier to add additional
> service-specific addresses to a box (assuming the MTA has an option to
> bind to a specific address for outbound connections, i've not checked
> if common ones do).
>
> - Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20110811/c292cb7a/attachment.html
More information about the ipv6-ops
mailing list