[170435] in North American Network Operators' Group


Re: IPv6 isn't SMTP

daemon@ATHENA.MIT.EDU (Lamar Owen)
Thu Mar 27 10:54:01 2014

Date: Thu, 27 Mar 2014 10:23:10 -0400
From: Lamar Owen <lowen@pari.edu>
To: NANOG list <nanog@nanog.org>
In-Reply-To: <CAAAwwbVa6_YWBTKMxSDY3jMd1PREWHL=vNhNQhf0Yu7sKJ36=g@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 03/26/2014 08:12 PM, Jimmy Hess wrote:
> As far as I'm concerned.... if you can force the spammer to use their own
> IP range, that they can set up RDNS for, then you have practically won,
> for all intents and purposes, as it makes blacklisting feasible, once
> again!
>
> Spammers can jump through these hoops --- but spammers aren't going to
> effectively scale up their spamming operation by using IP address ranges
> they can set up RDNS on.
>
Tell that to the 100,000+ e-mails I blocked last week (and the several 
hundred that got through before I was able to get all the blocks entered 
into my ingress ACLs) from proper rDNS addresses where the addresses 
were hopping all over a /24, a /22, three /21s, four /20s, and six 
/19s in widely separated blocks.  Every single address in those blocks 
eventually attempted to send e-mail, and every address had proper rDNS 
for the pseudorandom domain names, mostly in the .in TLD, but some 
others, too (the blocks were all over, with some registered through ARIN, 
some through RIPE, some through AfriNIC, and some through APNIC, with 
hosters in Europe, North and South America, Asia, and Africa.)  Note 
that these passed full FCrDNS verification in postfix.  They all had 
very similar characteristics, including an embedded image payload/ad and 
a couple of hundred kB of anti-Bayesian text, including the full text of 
Zilog's Z80 manual at one point.

Of course, the other tens of thousands per day that get blocked for not 
having rDNS from residential bots make the case for leaving rDNS (and 
the FCrDNS variant) turned on, but it is not a cure-all.
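
The FCrDNS check discussed in this message, sketched as an added example that is not part of the original post or of postfix: the PTR name must resolve forward to the connecting address, so a sender who controls both the reverse and forward zones for a whole block passes on every address. All names and addresses are constructed (documentation ranges); the per-prefix count of passing senders is an assumed defender heuristic, not something the post prescribes.

```python
import ipaddress
from collections import defaultdict

# Constructed DNS data: documentation ranges and made-up names, no real hosts.
# 198.51.100.1-8 model a sender-controlled block with matching rDNS on every address.
PTR = {f"198.51.100.{i}": [f"m{i}.qzxkvb.example."] for i in range(1, 9)}
PTR["203.0.113.25"] = ["host25.isp.example."]   # PTR whose forward lookup disagrees
FWD = {f"m{i}.qzxkvb.example": [f"198.51.100.{i}"] for i in range(1, 9)}
FWD["host25.isp.example"] = ["203.0.113.99"]

def fcrdns(ip, ptr_lookup=PTR.get, fwd_lookup=FWD.get):
    """Forward-confirmed reverse DNS: a PTR name must resolve back to the same IP."""
    want = ipaddress.ip_address(ip)
    names = ptr_lookup(ip) or []
    if not names:
        return "no-rdns"            # e.g. a residential bot with no PTR record
    for name in names:
        for addr in fwd_lookup(name.rstrip(".").lower()) or []:
            if ipaddress.ip_address(addr) == want:
                return "pass"
    return "forward-mismatch"

def passing_senders_by_prefix(ips, prefixlen=24):
    """Count distinct FCrDNS-passing senders inside each covering prefix."""
    seen = defaultdict(set)
    for ip in ips:
        if fcrdns(ip) == "pass":
            net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
            seen[str(net)].add(ip)
    return {net: len(addrs) for net, addrs in seen.items()}

if __name__ == "__main__":
    senders = [f"198.51.100.{i}" for i in range(1, 9)]
    senders += ["203.0.113.25", "192.0.2.77"]
    for ip in senders:
        print(ip, fcrdns(ip))
    # Many passing senders packed into one prefix is the pattern worth reviewing.
    print(passing_senders_by_prefix(senders))
```

In production the two lookup callables would be backed by a real resolver; the dictionaries stand in so the example runs offline.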


