[Coco] yahoo groups
John E. Malmberg
wb8tyw at qsl.net
Sat Apr 21 14:38:50 EDT 2007
Gene Heskett wrote:
> On Friday 20 April 2007, John E. Malmberg wrote:
>> What spammers can not spoof is the rDNS for the I.P. address that your
>> mail server accepted the e-mail from.
>> From what I have been told, it has been an RFC requirement that every
>> server connected to the Internet have a valid rDNS. In that if you do a
>> lookup of the I.P. address, you get a name, and if you look up that
>> name, you can find the original I.P. address.
>> Unfortunately there are apparently a few major legitimate e-mail sources
>> that are publishing broken rDNS values so you can not just reject all
>> rDNS failures. From the estimates I have seen, rejecting on bad rDNS
>> will get you a noticeable false positive rate of between 1 and 10
>> percent. Sad, because fixing an rDNS problem is trivial for a network
>> owner, and it is a trivial check which just about every commercial mail
>> server product can enable.
> Trivial, until some PHB assigns an intern to take care of it, and by the time
> he's done, half the net is spoofed.
Not possible. rDNS can not be forged unless the DNS server belonging to
the network owner has been hacked. An ISP can only set rDNS for servers
in its own I.P. range, it can not set it for anyone else's. The system
works differently than for domain name lookups.
Because rDNS can not be forged, many mail server operators use the
values from it to for spam filtering. If they get spam from a subnet of
132.453.xxxx.example.com, they are likely to set a rule to refuse all
e-mail originating from xxxx.example.com.
The rDNS is your actual pubic server name. It does not have to match
the domain name that you purchased. But that domain name and hostname
combination is actually an alias for the true name.
It can be important to have the rDNS name contain your purchased domain
name if you are running a mail server to prevent problems if one of the
other users of your ISP gets zombied, and your ISP does not act on spam
complaints in real-time.
It is also important to make sure that the postmaster and abuse
addresses for the domains indicated by rDNS are working and actually
read, because that is where reports about problems are most likely to be
Personal Opinion Only
More information about the Coco