Author: Marc Sherman
Date:
To: exim-users
Subject: Re: [exim] Automatic Whitelist Generation - Why wouldn't this work?

Thomas Hochstein wrote:
> Marc Perkel wrote:
>
>> One thing that spammers can't spoof is RDNS.
>
> That is plain wrong. Most probably don't control the rDNS entries for
> their IP space, but it is far from impossible.
>
>> So if the RDNS of an IP is
>> xxx.xxx.amd.com then we know the email is ham.
>
> No. We do know that only if xxx.xxx.amd.com resolves to that IP, too.
> Anybody who has control over the rDNS entries for an IP can set up a
> PTR record of "xxx.xxx.amd.com" in the same way anybody who has
> control over the DNS entries for a domain can set up an A record
> pointing to any IP.

Wow, I'm usually not a big fan of Marc's anti-spam-scheme-of-the-week,
but I think people should give him the benefit of the doubt on this
point. Usually when people say "RDNS" in an Exim context, they mean
"forward verified reverse dns", because that's what Exim does in its
RDNS tests internally. And short of hacking the DNS system itself (which
I know is doable, but it's certainly not trivial), fvrdns is in fact
unspoofable.

Having said that, I do agree with the rest of the responders that the
main idea here is unworkable. You want to whitelist only the "blessed"
sending mailservers within a trusted organization, not their entire name
space.
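
The forward-verified reverse DNS check discussed in this message, combined with whitelisting individual hosts rather than a whole name space, as an added example that is not part of the original post and is not Exim's code. The function names, the example.com hosts and the documentation-range addresses are constructed for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_addrs(name):
    """Addresses for name from the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def same_ip(a, b):
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False

def fvrdns_names(ip, ptr=system_ptr, addrs=system_addrs):
    """PTR names of ip that resolve forward to ip again; unconfirmed names are dropped."""
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    return [n for n in names if any(same_ip(a, ip) for a in addrs(n))]

def is_whitelisted(ip, allowed_hosts, ptr=system_ptr, addrs=system_addrs):
    """True only if a forward-verified name of ip is an exact entry in allowed_hosts."""
    return any(n in allowed_hosts for n in fvrdns_names(ip, ptr, addrs))

# Constructed sample data (hypothetical hosts, documentation address ranges).
DEMO_PTR = {
    "192.0.2.25": ["mx1.example.com."],        # real mail server
    "192.0.2.80": ["desktop17.example.com."],  # same organization, not a mail server
    "198.51.100.7": ["mx1.example.com."],      # PTR set by whoever controls this IP block
}
DEMO_A = {"mx1.example.com": ["192.0.2.25"], "desktop17.example.com": ["192.0.2.80"]}
ALLOWED = {"mx1.example.com"}  # exact host names, not a "*.example.com" suffix

def demo_ptr(ip):
    return DEMO_PTR.get(ip, [])

def demo_addrs(name):
    return DEMO_A.get(name, [])

if __name__ == "__main__":
    for ip in DEMO_PTR:
        print(ip, fvrdns_names(ip, demo_ptr, demo_addrs),
              is_whitelisted(ip, ALLOWED, demo_ptr, demo_addrs))
```

The third address carries the same PTR name as the real server but fails the forward lookup, and the second is forward-verified yet absent from the exact-host list.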