To: Dean Anderson <dean@av8.com>
Cc: Andras Salamon <andras@dns.net>, dnsop@cafax.se
From: Jim Reid <Jim.Reid@nominum.com>
Date: Mon, 24 Mar 2003 10:47:36 -0800
In-Reply-To: Message from Dean Anderson <dean@av8.com> of "Mon, 24 Mar 2003 11:51:15 EST." <Pine.LNX.4.44.0303241131180.25398-100000@commander.av8.net>
Sender: owner-dnsop@cafax.se
Subject: Re: [RETRANSMIT] Re: Radical Surgery proposal: stop doing reverse for IPv6.

>>>>> "Dean" == Dean Anderson <dean@av8.com> writes:

    Dean> This is essentially an authentication. However, it is also
    Dean> based on a false premise, and one that actually blocks more
    Dean> legitimate mail and little spam. Most spam comes from
    Dean> infected dialup hosts or rooted colo hosts, and today most
    Dean> such hosts have trivial forward-reverse entries. So very
    Dean> little spam is blocked using this "test".

You don't know what you're talking about. Unless you're the source of
most of my spam, you have no idea of the characteristics of the spam
traffic I get or what are the most effective ways to deal with it.

The majority of spam I receive comes from hosts that have no reverse
DNS AT ALL. So far dropping SMTP connections from hosts with addresses
where reverse lookups return NXDOMAIN or SERVFAIL has not caused a
single false positive.

Oh, and the heuristic I spoke about just tests the result of a reverse
lookup. It doesn't "authenticate" that answer with what's in the SMTP
dialogue or 822 headers. So my example shows that there are valid and
reasonable uses for reverse lookups other than BSD rsh-style
authentication which pretty much everyone accepts is a bad idea.

#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.
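
The connect-time heuristic described in the message above, sketched as an added example (not code from the message or its author): the decision uses only the response code of the PTR lookup and never compares the answer with the SMTP dialogue. The `lookup_ptr` resolver hook, the sample table, and accepting every result other than NXDOMAIN or SERVFAIL are assumptions.

```python
import ipaddress

# Response codes the message says cause the connection to be dropped.
DROP_RCODES = {"NXDOMAIN", "SERVFAIL"}


def reverse_name(client_ip):
    """Build the PTR owner name: in-addr.arpa for IPv4, ip6.arpa for IPv6."""
    return ipaddress.ip_address(client_ip).reverse_pointer + "."


def smtp_decision(client_ip, lookup_ptr):
    """Return (action, reason) for a connecting client.

    lookup_ptr(name) -> (rcode, [targets]) is a hypothetical resolver hook,
    so the policy can be exercised without live DNS.
    """
    name = reverse_name(client_ip)
    rcode, targets = lookup_ptr(name)
    if rcode in DROP_RCODES:
        return ("drop", f"reverse lookup of {name} returned {rcode}")
    # Assumption: the message names only NXDOMAIN and SERVFAIL, so any other
    # result (including an empty NOERROR answer) is accepted. The PTR target
    # is deliberately not checked against HELO or message headers.
    return ("accept", f"{rcode}, {len(targets)} PTR record(s)")


# Constructed sample data using documentation address ranges.
SAMPLE_ZONE = {
    reverse_name("192.0.2.10"): ("NOERROR", ["mail.example.net."]),
    reverse_name("203.0.113.9"): ("NOERROR", []),        # name exists, no PTR
    reverse_name("2001:db8::25"): ("SERVFAIL", []),      # broken delegation
}


def sample_lookup(name):
    """Stub resolver: names missing from the table behave as NXDOMAIN."""
    return SAMPLE_ZONE.get(name, ("NXDOMAIN", []))


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.9", "2001:db8::25"):
        print(ip, *smtp_decision(ip, sample_lookup))
```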