[120313] in North American Network Operators' Group
Re: Arrogant RBL list maintainers
daemon@ATHENA.MIT.EDU (Adam Armstrong)
Wed Dec 16 06:49:53 2009
Date: Wed, 16 Dec 2009 11:49:27 +0000
From: Adam Armstrong <lists@memetic.org>
To: nanog@nanog.org
In-Reply-To: <6eb799ab0912152212l793f2fd7jeabfb841c7b3b72f@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 16/12/2009 06:12, James Hess wrote:
> On Tue, Dec 15, 2009 at 11:30 PM, Adam Armstrong<lists@memetic.org> wrote:
>
>> personally, i'd recommend not being a dick and setting valid *meaningful*
>> reverse dns for things relaying mail.
>>
> Many sites don't use names that will necessarily be meaningful to an outsider.
> Sometimes the non-meaningful name is the actual hostname and the
> _only_ name that machine is known by, even if the name appears
> "generic" or contains an IP. Host naming is a matter of local
> network policy, and the RFCs that pertain to hostnames specify syntax
> requirements only.
>
> Some sites might want to avoid certain "meaningful" RDNS entries
> since spammers, hackers, and other abusive users that scan IP ranges
> can utilize the RDNS to facilitate their activities. All
> reverse DNS information is in the hands of the enemy.
>
> For example, when spammers' IP scanning efforts find that an IP
> address reverses to "mail.example.com" the spammer will know
> to try @example.com e-mail addresses for their dictionary-based
> brute-force spamming.
>
> On the other hand, if the MTA's IP reverses to something like
> a152.x.example.net.
>
> As is common for many domains.
> Spammers coming in by scanning large ranges of IPs, have no
> pointer to report the mailserver they discovered is @example.com
> inbound (or outbound) mail.
>
The 1970s called and asked for its security policy back :(
I would have thought that asking for the MXes for example.com would have
told them what the inbound mailserver is...
adam.
