mail filtering based on reverse DNS
Erik Kline
ek at google.com
Thu Aug 11 11:15:39 CEST 2011
> Assumptions: Considering that most trojans will run from client systems that probably won't have reverse DNS entries I think this might help. MTA operators can add reverse DNS records in (almost?) all cases if they really want, so they won't be permanently harmed by this.
>
> Now, are those assumptions correct? I have heard ISPs talk about using a (powerdns based) on-request-reverse-DNS-record-generator. If we see that happening a lot such a policy might not make a big difference. And I also heard knowledgable SMBs state that they can't get reverse DNS at this point in time. So how many organizations/people *are* harmed?
Certainly I and others have thought of writing our own auto-PTR
response generator for delegated reverse zones. I see now that the
success of a PTR-verification scheme depends on ISPs *not* doing this
for every J. Random Customer.
More information about the ipv6-ops
mailing list