Author: Thomas Hochstein
Date:
To: exim-users
Subject: Re: [exim] Automatic Whitelist Generation - Why wouldn't this work?

Marc Perkel wrote:
> One thing that spammers can't spoof is RDNS.
That is plain wrong. Most probably don't control the rDNS entries for
their IP space, but it is far from impossible.
> So if the RDNS of an IP is
> xxx.xxx.amd.com then we know the email is ham.
No. We do know that only if xxx.xxx.amd.com resolves to that IP, too.
Anybody who has control over the rDNS entries for an IP can set up a
PTR record of "xxx.xxx.amd.com" in the same way anybody who has
control over the DNS entries for a domain can set up an A record
pointing to any IP.
> Suppose that we start
> with a list of companies that we know that any email that comes from
> those hosts will always be ham
How can we know that? What about infected hosts in their networks? What
about employees ("road warriors") whose authentication data is
stolen?
Especially (larger) ISPs will *always* send - at least small quantities
- of spam due to infected dialup hosts and malicious customers. Much
more interesting is how *large* that problem is and what they do to
mitigate it (their AUP, the kind and speed of their reaction, do they
identify their customers so that they can keep them from
re-registering, etc.).
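
The forward-confirmation step described in the reply above (a PTR name counts only if it resolves back to the connecting IP), as an added example that is not part of the original post. The DNS data, the `corp.example` names and all function names are constructed for illustration; a pass proves only who controls the name, not that the mail is ham.

```python
import ipaddress

# Constructed sample DNS data (documentation address ranges, reserved names).
PTR = {
    "192.0.2.10": ["mail.corp.example."],       # genuine host
    "203.0.113.7": ["mail.corp.example."],      # PTR set by whoever runs this reverse zone
    "198.51.100.5": ["mail.notcorp.example."],  # look-alike suffix, honestly confirmed
    "198.51.100.9": ["MX2.Corp.Example."],      # genuine host, mixed case
}
FWD = {
    "mail.corp.example": ["192.0.2.10"],
    "mx2.corp.example": ["198.51.100.9", "2001:db8::9"],
    "mail.notcorp.example": ["198.51.100.5"],
}

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def fcrdns_names(ip, ptr_lookup, fwd_lookup):
    """Return the PTR names of ip that also resolve forward to ip."""
    addr = ipaddress.ip_address(ip)
    confirmed = []
    for name in map(norm, ptr_lookup(ip)):
        forward = {ipaddress.ip_address(a) for a in fwd_lookup(name)}
        if addr in forward:  # the PTR claim is backed by the name's own zone
            confirmed.append(name)
    return confirmed

def in_domain(name, domain):
    """Match on a label boundary so notcorp.example is not corp.example."""
    domain = norm(domain)
    return name == domain or name.endswith("." + domain)

def whitelisted(ip, domains, ptr_lookup=None, fwd_lookup=None):
    """True only if a forward-confirmed PTR name falls inside a listed domain."""
    # Default lookups read the constructed tables; pass real resolvers for live use.
    ptr_lookup = ptr_lookup or (lambda i: PTR.get(i, []))
    fwd_lookup = fwd_lookup or (lambda n: FWD.get(n, []))
    names = fcrdns_names(ip, ptr_lookup, fwd_lookup)
    return any(in_domain(n, d) for n in names for d in domains)
```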