[Coco] yahoo groups

John E. Malmberg wb8tyw at qsl.net
Sat Apr 21 14:38:50 EDT 2007


Gene Heskett wrote:
> On Friday 20 April 2007, John E. Malmberg wrote:

>> What spammers can not spoof is the rDNS for the I.P. address that your
>> mail server accepted the e-mail from.
>>
>> From what I have been told, it has been an RFC requirement that every
>> server connected to the Internet have a valid rDNS.  In that if you do a
>> lookup of the I.P. address, you get a name, and if you look up that
>> name, you can find the original I.P. address.
>>
>> Unfortunately there are apparently a few major legitimate e-mail sources
>> that are publishing broken rDNS values so you can not just reject all
>> rDNS failures.  From the estimates I have seen, rejecting on bad rDNS
>> will get you a noticeable false positive rate of between 1 and 10
>> percent.  Sad, because fixing an rDNS problem is trivial for a network
>> owner, and it is a trivial check which just about every commercial mail
>> server product can enable.
> 
> Trivial, until some PHB assigns an intern to take care of it, and by the time 
> he's done, half the net is spoofed.

Not possible.  rDNS can not be forged unless the DNS server belonging to 
the network owner has been hacked.  An ISP can only set rDNS for servers 
in its own I.P. range, it can not set it for anyone else's.  The system 
works differently than for domain name lookups.

Because rDNS can not be forged, many mail server operators use the 
values from it for spam filtering.  If they get spam from a subnet of 
132.453.xxxx.example.com, they are likely to set a rule to refuse all 
e-mail originating from xxxx.example.com.

The rDNS is your actual public server name.  It does not have to match 
the domain name that you purchased.  But that domain name and hostname 
combination is actually an alias for the true name.

It can be important to have the rDNS name contain your purchased domain 
name if you are running a mail server to prevent problems if one of the 
other users of your ISP gets zombied, and your ISP does not act on spam 
complaints in real-time.

It is also important to make sure that the postmaster and abuse 
addresses for the domains indicated by rDNS are working and actually 
read, because that is where reports about problems are most likely to be 
sent.

-John
wb8tyw(at)qsl.network
Personal Opinion Only
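
Added example, not part of the original message: a forward-confirmed rDNS check (look up the name for the connecting I.P., then confirm that name resolves back to the same I.P.) combined with the refuse-by-rDNS-suffix rule described above. The function names, the "accept"/"suspect"/"reject" labels and the sample zone data are assumptions made up for illustration; a failed check is scored as "suspect" rather than rejected because of the false positive rate mentioned in the thread.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup via the system resolver; [] when no rDNS is published."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA lookup via the system resolver; [] when the name does not resolve."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def same_ip(a, b):
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False

def confirmed_names(ip, ptr=system_ptr, forward=system_forward):
    """rDNS names for ip whose forward lookup returns ip again."""
    names = (n.rstrip(".").lower() for n in ptr(ip))
    return [n for n in names if any(same_ip(a, ip) for a in forward(n))]

def classify(ip, refused_suffixes, ptr=system_ptr, forward=system_forward):
    """'reject' on a refused rDNS suffix, 'suspect' on failed rDNS, else 'accept'."""
    names = confirmed_names(ip, ptr, forward)
    if not names:
        return "suspect"  # score it; outright rejection has false positives
    # Match on a label boundary so notpool.example.com is not pool.example.com.
    if any(n == s or n.endswith("." + s) for n in names for s in refused_suffixes):
        return "reject"
    return "accept"

# Constructed sample zone data (documentation addresses and names only).
SAMPLE_PTR = {"192.0.2.10": ["Mail.Example.ORG."],
              "198.51.100.7": ["dyn-7.pool.example.com"],
              "198.51.100.8": ["mx.notpool.example.com"],
              "203.0.113.5": ["mail.example.org"]}  # forward record points elsewhere
SAMPLE_FWD = {"mail.example.org": ["192.0.2.10"],
              "dyn-7.pool.example.com": ["198.51.100.7"],
              "mx.notpool.example.com": ["198.51.100.8"]}
sample_ptr = lambda ip: SAMPLE_PTR.get(ip, [])
sample_forward = lambda name: SAMPLE_FWD.get(name, [])
```

Called without the last two arguments, `classify` uses the system resolver; the sample resolvers let the logic run offline.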
