RE: [Exim] AOL - SPF - and EXIM

Author: Peter Bowyer
Date:  
To: 'Exim User's Mailing List'
Subject: RE: [Exim] AOL - SPF - and EXIM
"David Brodbeck" <DavidB@???> wrote:
> The thing is, I don't really see the point of the reverse DNS check. It
> doesn't accomplish anything. Someone claimed earlier that it's a form of
> server authentication, but it isn't really, because whoever controls
> reverse DNS for that IP can stick whatever they want in there. Looking up
> the A record tells you a lot more.
>
> For example, if I get a connection from a server that says 'HELO
> mail.whitehouse.gov', and I do a reverse lookup on its IP and find
> 'mail.whitehouse.gov', all that tells me is that the person who does rDNS
> for that netblock set that value. It's almost as easy to fake as an
> identd lookup, and those are widely regarded as useless these days. But
> if I look up the A record for mail.whitehouse.gov and find the IP matches
> the server connecting to me, I have a pretty good idea that someone at
> whitehouse.gov was involved.


Like many things, it's not particularly useful as a single test. But
statistically, connections from servers with fully compliant rDNS send
less spam than those without. (No, I've no reference for this - but
intuitively, it's true).

So, give a failure in this test a score which approximates to the right
ratio, combine it with other tests you do, and the confidence in your
detection algorithm increases.

Peter
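
The two checks discussed in this thread, combined into a score, as an added example that is not part of the original messages: a reverse lookup alone accepts whatever the PTR record says, while forward confirmation requires the name's A record to point back at the connecting IP. The DNS tables, the weights and all function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed DNS data using documentation address ranges; not real records.
PTR = {
    "192.0.2.10": ["mail.example.org."],
    "198.51.100.7": ["mail.whitehouse.gov."],  # set by the netblock owner
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "mail.whitehouse.gov": ["203.0.113.25"],   # constructed address
}
# Assumed weights; tune them to the spam ratio measured on your own traffic.
WEIGHTS = {"no_ptr": 2.0, "ptr_not_confirmed": 3.0, "helo_mismatch": 1.5}


def _norm(name):
    return name.rstrip(".").lower()


def ptr_matches_helo(ip, helo, ptr=PTR):
    """Reverse lookup only: trusts whatever the PTR record says."""
    return _norm(helo) in [_norm(n) for n in ptr.get(ip, [])]


def forward_confirms(name, ip, a=A):
    """True if one of the name's A records is the connecting IP."""
    want = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(x) == want for x in a.get(_norm(name), []))


def dns_findings(ip, helo, ptr=PTR, a=A):
    """List the DNS consistency tests that this connection fails."""
    findings = []
    names = ptr.get(ip, [])
    if not names:
        findings.append("no_ptr")
    elif not any(forward_confirms(n, ip, a) for n in names):
        findings.append("ptr_not_confirmed")
    if not forward_confirms(helo, ip, a):
        findings.append("helo_mismatch")
    return findings


def dns_score(ip, helo):
    """Sum of weights for failed tests, to be added to other spam tests."""
    return sum(WEIGHTS[f] for f in dns_findings(ip, helo))
```

In a live filter the two dictionaries would be replaced by real PTR and A lookups, and the returned score added to the results of the other tests before any accept or reject decision.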