
Re: The anti-abuse rDNS check that FTP gave up



On Oct 5, 2011, at 11:28 AM, Storz, Michael wrote:

> Another name for the iprev test is "Forward Confirmed reverse DNS" (FCrDNS). With Postfix you configure it with the two commands
> 
>   reject_unknown_reverse_client_hostname
>   reject_unknown_client_hostname
> 
> We have used this check for years as our first defense against botnet spam with great success. In the last 7 days we rejected emails for nearly 22.000.000 recipients. 49% did not have a PTR record, 29% did not have a matching A record. Therefore the FCrDNS was responsible for 78% of all rejections. This means your statement, that this check is not working, is definitely not true.

This is a pretty ridiculous statement.  You use a dubious criterion to reject 78% of messages, and then you claim that because you did that, the check "works".

> However, you have to live with a moderate false positive rate. Before we implemented the check, we analyzed our traffic for 3 months and built an automatic whitelist with 4.000 wrongly configured MTAs.

There's absolutely nothing "wrongly configured" about an MTA that doesn't have a PTR record.

> Since the beginning of the check we get about 1-2 false positives per week reported by our users. This second whitelist has 230 entries at the moment. This means about 4% of the MTAs we accept emails from are wrongly configured. We can live with that.

Just imagine how many wrongly rejected emails aren't reported.

Stupid spam filtering mechanisms are a DoS attack on email.

Keith
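
The FCrDNS check debated in this thread, as an added Python example that is not part of either message: it separates the "no PTR" and "no matching address record" outcomes quoted above and applies an allowlist before the check. The DNS tables, addresses, hostnames and function names are constructed assumptions so the block runs offline.

```python
import ipaddress
from collections import Counter

# Constructed DNS data (documentation address ranges, example domains).
PTR = {
    "192.0.2.10": ["mail.example.org."],
    "198.51.100.7": ["host7.example.net"],
    "203.0.113.5": ["mx.example.com"],
    "2001:db8::25": ["mx6.example.org"],
}
ADDR = {
    "mail.example.org": ["192.0.2.10"],
    "host7.example.net": ["198.51.100.99"],  # forward record points elsewhere
    "mx6.example.org": ["2001:0db8:0000:0000:0000:0000:0000:0025"],
    # mx.example.com has no address record at all
}

def ptr_lookup(ip):
    return PTR.get(ip, [])

def addr_lookup(name):
    return ADDR.get(name, [])

def fcrdns(ip, ptr=ptr_lookup, addr=addr_lookup):
    """Classify a client IP as 'pass', 'no_ptr' or 'no_match'."""
    client = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        # The case reject_unknown_reverse_client_hostname covers.
        return "no_ptr"
    for name in names:
        # Compare parsed addresses so IPv6 spellings cannot cause a mismatch.
        if any(ipaddress.ip_address(a) == client for a in addr(name)):
            return "pass"
    # PTR exists but no name resolves back to the client:
    # only reject_unknown_client_hostname rejects here.
    return "no_match"

def decide(ip, allowlist=frozenset()):
    """Apply the allowlist first, then FCrDNS, as the quoted setup does."""
    if ip in allowlist:
        return "accept_allowlisted"
    verdict = fcrdns(ip)
    return "accept" if verdict == "pass" else "reject_" + verdict

def tally(ips, allowlist=frozenset()):
    """Count outcomes per connecting IP so rejections can be broken down."""
    return Counter(decide(ip, allowlist) for ip in ips)
```

Passing `ptr` and `addr` callables backed by a real resolver turns the same classification into a log-only measurement of how much traffic each rule would reject before it is enforced.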