Author: Eli Date: To: exim users Subject: Re: [exim] Automatic Whitelist Generation - Why wouldn't this work?
>> Maybe I'm missing something. Can I take one of my IP addresses and make >> the RDNS appear to be from xxx.amd.com and make a lookup on xxx.amd.com
>> agree?
>
> Yes you can. That's why reverse DNS information is pretty much completely
> useless when doing any type of tracing. I suggest you read up on DNS
> servers and how zonefiles work et al before going too far on speculations
> regarding DNS, especially if you're using the results to filter stuff
> (email
> in this case).
Minor self correction here... quoted more than I wanted comment on :P You
won't likely be able to make the forward lookup on amd.com agree with your
faked reverse DNS, but I won't say it's not impossible either.
On a separate note - if you're getting in to doing this much "dns work" just
trying to figure out if a message is spam or not - I'd like to mention that
DNS resolution either forward or reverse can "hang" for quite a while before
it returns a result from an authoratative server. Too many lookups and you
might be spending more time processing DNS info to figure out what a simple
local scan of the message might easily tell you with other methods. Just a
thought.