RE: AOL rejecting mail from IP's w/o reverse DNS ?

Perhaps I'm being naïve, but this seems like a very good way to cause spammers to suddenly start having valid PTR RRs. Thoughts?

-j

Jeffrey Paul writes on 12/3/2003 11:39 AM:

Perhaps I'm being naïve, but this seems like a very good way to cause spammers to suddenly start having valid PTR RRs. Thoughts?

A lot of spam these days comes from trojaned Windows machines on dialup / broadband IPs.

Most ISPs in the USA and the world over already have generic PTR records (ip-foo-bar.ppp.provider.net and such) on their DHCP pools.

So, yes, the mere presence of rDNS for an IP is not an indicator that the traffic coming at your mailserver from that IP is not spam.

On the other hand, the absence of rDNS on an IP seems to often be accompanied by assorted other brokenness, such as open relays / proxies and compromised hosts.
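The three cases the reply above separates (no rDNS at all, a generic pool PTR, any other PTR), as an added sketch that is not code from anyone in this thread. The pool-label list and the octets-in-hostname heuristic are assumptions, the sample addresses are constructed from documentation ranges, and only IPv4 is handled.

```python
import re
import socket
from collections import Counter

# Assumed heuristic: labels that often mark ISP dial-up/broadband pools.
POOL_LABEL = re.compile(r"(^|[.-])(ppp|dhcp|dsl|dialup|dyn|pool|cable)\d*([.-]|$)")

def lookup_ptr(ip):
    """Live lookup: PTR names for ip, or [] when it has no reverse DNS."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + aliases

def embeds_ip(ip, name):
    """True if the four octets appear consecutively in name, in either order."""
    octets = [str(int(o)) for o in ip.split(".")]
    nums = [str(int(n)) for n in re.findall(r"\d+", name)]
    runs = [nums[i:i + 4] for i in range(len(nums) - 3)]
    return octets in runs or octets[::-1] in runs

def classify(ip, ptr_names):
    """Return 'no-rdns', 'generic-pool' or 'named' for one client IP."""
    if not ptr_names:
        return "no-rdns"
    for name in ptr_names:
        name = name.lower().rstrip(".")
        if embeds_ip(ip, name) or POOL_LABEL.search(name):
            return "generic-pool"
    return "named"

# Constructed sample: (client IP, PTR names a resolver returned for it).
SAMPLE = [
    ("192.0.2.10", ["ip-192-0-2-10.ppp.provider.example"]),
    ("203.0.113.99", ["99.113.0.203.dyn.isp.example."]),
    ("198.51.100.7", []),
    ("203.0.113.25", ["mail.example.org"]),
]

def summarize(connections):
    """Count clients per class; only 'no-rdns' would fail a PTR-presence test."""
    return Counter(classify(ip, names) for ip, names in connections)

if __name__ == "__main__":
    for ip, names in SAMPLE:
        print(ip, classify(ip, names))
    print(dict(summarize(SAMPLE)))
```

On the sample, a PTR-presence test alone turns away one client of four, while both pool-named hosts pass it.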

Jeffrey Paul wrote:

Perhaps I'm being naïve, but this seems like a very good way to cause
spammers to suddenly start having valid PTR RRs. Thoughts?

or limiting attacks for relay/proxy/trojan purposes to targets that have valid
PTR records.... which of course ideally should be all of them.