
RE: The anti-abuse rDNS check that FTP gave up

> On Fri, 23 Sep 2011 20:50:27 +0200, Alessandro Vesely said:
> > Most SMTP servers duly lookup the client's IP and annotate the
> > resulting name as comment in Received fields.  However, I don't recall
> > denying SMTP access based on the "iprev" test (as RFC 5451 named it.)
> > Was it ever à la mode to do so?
> At one time, the net was still small enough that it was a safe assumption that
> if you got mail from an IP address that didn't have a valid rDNS, it was (a) a
> rare event because (b) a missing rDNS meant the provider was asleep at the
> wheel.
> Now-a-days, most providers have automatic provisioning systems that assign
> rDNS for customer addresses, so most of Vint Cerf's famous 140 million
> compromised machines have an rDNS entry, which means it's not that
> effective anymore.
> (What *is* used a lot today is 'rDNS looks like a customer cablemodem/adsl
> connection')

True statement on both accounts.  I'd add to it, that invalid rDNS is still a viable anti-abuse mechanism.  There are plenty of compromised machine operators that are "asleep at the wheel."  Checking rDNS scrapes off that chaff.
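
The two checks discussed in this thread, as an added example that is not part of the original posts: the "iprev" test (reverse lookup confirmed by a forward lookup) and the "rDNS looks like a customer cablemodem/adsl connection" heuristic. The function names, the keyword list, and the sample DNS data are assumptions constructed for illustration; the lookups are injected so the example runs offline, and transient resolver errors (`temperror`) are not modelled.

```python
import ipaddress
import re

# Constructed sample DNS data (documentation address ranges) standing in for a resolver.
PTR = {
    "192.0.2.10": ["mail.example.org."],
    "192.0.2.20": ["host.example.net."],
    "198.51.100.77": ["198-51-100-77.dsl.example.com."],
}
ADDR = {
    "mail.example.org.": ["192.0.2.10"],
    "host.example.net.": ["192.0.2.99"],  # forward lookup disagrees with the PTR
    "198-51-100-77.dsl.example.com.": ["198.51.100.77"],
}

# Assumed keyword list for access-line naming; tune it against your own mail logs.
ACCESS_WORDS = re.compile(
    r"(?:^|[.-])(?:a?dsl|cable|dyn(?:amic)?|dhcp|pool|ppp|dialup)(?:[.\d-]|$)")


def iprev(ip, ptr_lookup, addr_lookup):
    """Return (result, confirmed_name) using RFC 5451 iprev result names."""
    client = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "permerror", None  # no PTR data published for the client
    for name in names:
        for addr in addr_lookup(name):
            if ipaddress.ip_address(addr) == client:
                return "pass", name  # reverse and forward lookups agree
    return "fail", None  # PTR exists but no name maps back to the client


def looks_generic(ip, name):
    """Heuristic (IPv4 only): name embeds every octet or an access-line keyword."""
    host = name.lower().rstrip(".")
    groups = re.findall(r"\d+", host)
    embeds_ip = all(octet in groups for octet in ip.split("."))
    return embeds_ip or bool(ACCESS_WORDS.search(host))


def assess(ip, ptr_lookup=PTR.get, addr_lookup=lambda n: ADDR.get(n, [])):
    """Combine both signals: (iprev result, confirmed name, generic-looking?)."""
    result, name = iprev(ip, ptr_lookup, addr_lookup)
    return result, name, bool(name) and looks_generic(ip, name)
```

The last sample address passes iprev yet is flagged by the naming heuristic, which is the case the quoted post describes for auto-provisioned customer rDNS.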