[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The anti-abuse rDNS check that FTP gave up



On Oct 5, 2011, at 10:23 AM, Murray S. Kucherawy wrote:

> 
>> -----Original Message-----
>> From: owner-ietf-smtp@xxxxxxxxxxxx [mailto:owner-ietf-smtp@xxxxxxxxxxxx] On Behalf Of Rosenwald, Jordan
>> Sent: Wednesday, October 05, 2011 6:40 AM
>> To: SMTP Interest Group
>> Subject: RE: The anti-abuse rDNS check that FTP gave up
>> 
>> True statement on both accounts.  I'd add to it, that invalid rDNS is
>> still a viable anti-abuse mechanism.  There are plenty of compromised
>> machine operators that are "asleep at the wheel."  Checking rDNS
>> scrapes off that chaff.
> 
> I generally agree, but implementing it on my small site with only a handful of users did lead to a number of false positive complaints that then needed to be handled.
> 
> It's probably not a good idea to standardize such a practice (yet?), but it does seem like a useful tool to have around.

IMO, any time you're basing an abuse test on something that is fundamentally irrelevant, it's of short-term value at best.  rDNS is such a check.

Keith