
Re: The anti-abuse rDNS check that FTP gave up



On 05/Oct/11 16:35, Keith Moore wrote:
> On Oct 5, 2011, at 10:23 AM, Murray S. Kucherawy wrote:
>>> -----Original Message-----
>>> From: mail.imc.org On Behalf Of Rosenwald, Jordan
>>> 
>>> True statement on both accounts.  I'd add to it, that invalid rDNS is
>>> still a viable anti-abuse mechanism.  There are plenty of compromised
>>> machine operators that are "asleep at the wheel."  Checking rDNS
>>> scrapes off that chaff.
>> 
>> I generally agree, but implementing it on my small site with only
>> a handful of users did lead to a number of false positive
>> complaints that then needed to be handled.
>> 
>> It's probably not a good idea to standardize such a practice
>> (yet?), but it does seem like a useful tool to have around.
> 
> IMO, any time you're basing an abuse test on something that is
> fundamentally irrelevant, it's of short-term value at best.  rDNS
> is such a check.

The most relevant obstacle seems to be caused by uncooperative network
providers that don't set PTR RRs.  Whether they do so for some savings
or because they are "asleep at the wheel", they can afford to evade
that setup because there is low market pressure for it.

Mailbox providers never had to look for some specially cooperative
kind of ISP in order to set up a reliable MTA.  However, it seems that
there will be a relatively short period of time during which network
providers will mainly do IPv6, while MTAs will still need IPv4
addresses.  During such a period, mailbox providers will have to look
for some special kind of ISP anyway.  After all, IPv4's scarceness
should increase their value, but such niche-market pressure will be
different.  Am I wrong?