Auteur: Marc Perkel Datum: Aan: Thomas Hochstein CC: exim-users Onderwerp: Re: [exim] Automatic Whitelist Generation - Why wouldn't this work?
Thomas Hochstein wrote: > Marc Perkel schrieb:
>
>
>> One thing that spammers can't spoof is RDNS.
>>
>
> That is plain wrong. Most probably don't control the rDNS entries for
> their IP space, but it is far from impossible.
> The can't do a fake rdns so that when you look up the name that the name
resolves to their IP.
>
>> So if the RNDS of an IP is
>> xxx.xxx.amd.com then we know the email is ham.
>>
>
> No. We do know that only if xxx.xxx.amd.com resolves to that IP, too.
> Anybody who has control over the rNDS entries for an IP can setup a
> PTR record of "xxx.xxx.amd.com" in the same way anybody who has
> control over the DNS entries for a domain can setup an A record
> pointing to any IP.
> But since they aren't amd.com they can't make xxx.xxx.amd.com resolve to
their IP.
>
>> Suppose that we start
>> with a list of companies that we know that any email that comes from
>> those hosts will always be ham
>>
>
> How can we know that? What infected hosts in their networks? What
> about employees ("road warriors") whose authentification data is
> stolen?
> If someone on the blessed list started sending spam then they would not
be on the list anymore.
> Especially (larger) ISP will *always* send - at least small quantities
> - of spam due to infected dialup hosts and malicious customers. Much
> more interesting is how *large* that problem is and what they do to
> mitigate it (their AUP, the kind and speed of their reaction, do they
> identify their customers so that they can keep them from
> re-registering, etc.).
>
>
ISPs would never be on this white list. Nor would yahoo, google, or
hotmail. I have a different list for ISPs which is my yellow or mixed
source list. It prevents those hosts from being either white listed or
black listed.