

To: Dean Anderson <dean@av8.com>
Cc: Andras Salamon <andras@dns.net>, dnsop@cafax.se
From: Jim Reid <Jim.Reid@nominum.com>
Date: Mon, 24 Mar 2003 10:47:36 -0800
In-Reply-To: Message from Dean Anderson <dean@av8.com> of "Mon, 24 Mar 2003 11:51:15 EST." <Pine.LNX.4.44.0303241131180.25398-100000@commander.av8.net>
Sender: owner-dnsop@cafax.se
Subject: Re: [RETRANSMIT] Re: Radical Surgery proposal: stop doing reverse for IPv6.

>>>>> "Dean" == Dean Anderson <dean@av8.com> writes:

    Dean> This is essentially an authentication. However, it is also
    Dean> based on a false premise, and one that actually blocks more
    Dean> legitimate mail and little spam.  Most spam comes from
    Dean> infected dialup hosts or rooted colo hosts, and today most
    Dean> such hosts have trivial forward-reverse entries. So very
    Dean> little spam is blocked using this "test". 

You don't know what you're talking about. Unless you're the source of
most of my spam, you have no idea of the characteristics of the
spam traffic I get or what are the most effective ways to deal with
it. The majority of spam I receive comes from hosts that have no
reverse DNS AT ALL. So far dropping SMTP connections from hosts with
addresses where reverse lookups return NXDOMAIN or SERVFAIL has not
caused a single false positive. Oh, and the heuristic I spoke about
just tests the result of a reverse lookup. It doesn't "authenticate"
that answer with what's in the SMTP dialogue or 822 headers.

So my example shows that there are valid and reasonable uses for
reverse lookups other than BSD rsh-style authentication which pretty
much everyone accepts is a bad idea.
#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.
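
The heuristic described in the message above, as an added Python example that is not part of the original post: the decision uses only the result code of the reverse lookup and never compares the PTR target with anything. The resolver stub, the sample zone and the function names are constructed for illustration, and the example also covers IPv4-mapped IPv6 client addresses, which the message does not discuss.

```python
import ipaddress

# Constructed sample data standing in for a resolver: PTR qname -> (rcode, targets).
SAMPLE_ZONE = {
    "25.2.0.192.in-addr.arpa": ("NOERROR", ["mail.example.net."]),
    "7.100.51.198.in-addr.arpa": ("SERVFAIL", []),
}

def sample_lookup(qname):
    """Hypothetical resolver stub: names absent from SAMPLE_ZONE are NXDOMAIN."""
    return SAMPLE_ZONE.get(qname, ("NXDOMAIN", []))

def ptr_name(addr):
    """Build the in-addr.arpa or ip6.arpa name queried for a client address."""
    ip = ipaddress.ip_address(addr)
    # A dual-stack listener reports IPv4 clients as ::ffff:a.b.c.d; their
    # PTR records live under in-addr.arpa, not ip6.arpa.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.reverse_pointer

def smtp_decision(addr, lookup=sample_lookup):
    """Return "drop" or "accept" from the reverse-lookup result alone.

    The PTR target is deliberately not compared with the SMTP dialogue,
    the message headers or a forward lookup.
    """
    rcode, _targets = lookup(ptr_name(addr))
    # Only the two results named in the message cause a drop; treating every
    # other outcome as acceptable is an assumption of this example.
    return "drop" if rcode in ("NXDOMAIN", "SERVFAIL") else "accept"

if __name__ == "__main__":
    for client in ("192.0.2.25", "::ffff:192.0.2.25", "198.51.100.7",
                   "203.0.113.9", "2001:db8::1"):
        print(f"{client:>20}  {ptr_name(client):<75} {smtp_decision(client)}")
```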