[ExchangeList] Re: IMF config

  • From: "John T (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 2 Jun 2006 14:16:30 -0700

OK, we are talking about 2 different things here. The original question or
intent was to block/drop based upon no PTR record. 

 

Now, if we are talking about a test comparing the domain portion of the
sender's address to the domain portion of the PTR record if it exists, that
is a bit different. Again, the usefulness of such a test, while greater than
that of checking if a PTR record exists, is still limited for different
reasons. One major reason is newsletters and the like, which often are sent
by a service on behalf of a company whereby the domain portion of the PTR
will not be the same as the domain portion of the configured sending
address. An example off the top of my head is Dell. Their marketing material
and such come from servers whose IPs have PTRs often ending in .m01.com or
something like that yet the from address and reply to address are @dell.com.
If you are doing a drop based upon comparing the PTR to the sender, that
would be a problem.

 

John T

eServices For You

 

"Seek, and ye shall find!"

 

-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Taylor, George
Sent: Friday, June 02, 2006 11:03 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config

 

I'm guessing we won't agree on this point.  It's not an end to beat all
ends, but it is one additional step I take.  Although the infected home
computer might have a PTR record, it's not going to hit your SMTP server and
say "I'm spammer@xxxxxxxxxxxxxxxxxxxx" it's going to claim it's
john@xxxxxxxxxxxxxxxxxxx or something, therefore will never pass a reverse
lookup.  As I said before, I drop the connection at that point, my
spam/virus scanners don't have to churn through the message and make the
decision.

 

As we all know, we'll never beat spammers, I just take this additional step
to help protect my users and my systems.  Do I get false positives?  You bet
and when we find them I fix them.  We also get false positives from the
weighting system within Surf Control.  Good example, enable a hate filter
and then explain to a group of doctors why they didn't get the detailed
invitation to a suicide prevention workshop.  Everything is flawed to some
extent, we just do the best we can.

 

George Taylor

Systems Programmer

Regional Health Inc.

 

 

  _____  

From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Friday, June 02, 2006 11:25 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config

George, while Jim has already discredited your view, I will chime in here as
well.

 

I am heavily involved in e-mail servers and the war on spam. I can tell you
very firmly that it is not standard practice to require a valid RDNS for
both the reason that is stated by Jim and others and also for the reason
that presence of a PTR means nothing in the war on spam. Just because a
sending MTA has a PTR for its IP means diddly-squat. Just look at the virus
infected home computers and laptops that are acting as robot relays spewing
millions (or is it billions now) of spam per day. You know what, probably
90% of them have a PTR record for their IP address. 

 

The best anti-spam software are those based on a weighting system. (Guess
what, bayes based/type systems are at the root a weighting system.)
Generally speaking, those are configured to give no more than 25% of a hard
fail weight to the lack of a PTR record, and nothing meaning no negative
weight to the existence of a PTR record. 

 

John T

eServices For You

 

"Seek, and ye shall find!"

 

-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Taylor, George
Sent: Friday, June 02, 2006 8:05 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config

 

Hmmm, should I dance around like a god?  or do they even dance?  :-)

 

I have to disagree with you John.  It is standard practice to require a
valid RDNS lookup in order to accept a piece of mail.  Basically all you are
doing is verifying that the sender is in fact who they say they are, or
should I say the server connecting to your server is who it is advertising
itself as.  As you say, take a look at the real world:

 

A guy walks into your mailroom wearing a purple shirt with a Unabomber
emblem and says "Take this package, it's from UPS..."  What's your mail
clerk going to say?  "I'll take it because I don't care who you are, I just
take all packages addressed to me..."?  I hope not, that's how things get
blown up, that's how your email system will get blown up with viruses, spam,
threats, etc...  If you cannot verify the origin of a piece of mail and you
accept it anyways, you put yourself at risk, a conscientious email
administrator is not going to allow that.

 

 

Just my .02

 

George Taylor

Systems Programmer

Regional Health Inc.

 

 

  _____  

From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Thursday, June 01, 2006 5:07 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config

Andrew, please tell me you are not actually considering doing this.

 

Yes, the big want-to-be Internet Gods such as America Off Line block/refuse
on no PTR, but that is not practical in the real world as the rest of us
know it. Besides, I think America Off Line is just trying to get on Dan
Quayle's good side, if he has one.

 

John T

eServices For You

 

"Seek, and ye shall find!"

 

-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
Sent: Thursday, June 01, 2006 4:05 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config

 

Is there any way to get IMF to drop emails that fail reverse lookup?

 

Thanks

Andrew
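
The three policies argued over in this thread (drop on no PTR, drop when the PTR domain differs from the sender domain, and a weighted score where a missing PTR counts for 25% of a hard fail) compared side by side. This is an added example, not code from any poster or from IMF; the hosts, addresses, the 100-point threshold and the "other tests" scores are all constructed assumptions.

```python
# Added illustration: every host, address and score below is constructed.
HARD_FAIL = 100      # assumed score at which a message is rejected
NO_PTR_WEIGHT = 25   # missing PTR: 25% of a hard fail, as described in the thread

# (label, PTR of connecting IP or None, envelope sender,
#  assumed score from all other tests, is it actually spam?)
SAMPLES = [
    ("bot on home broadband", "dsl-203-0-113-7.isp.example", "john@victim.example", 110, True),
    ("newsletter via mailing service", "out5.mailer.example", "news@vendor.example", 5, False),
    ("small office, no PTR", None, "owner@smallbiz.example", 10, False),
    ("spam relay, no PTR", None, "deals@pills.example", 80, True),
    ("direct corporate mail", "mx1.corp.example", "amy@corp.example", 0, False),
]

def org_domain(name):
    """Last two DNS labels; a simplification that ignores suffixes like co.uk."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def drop_no_ptr(ptr, sender, other):
    # Hard reject whenever the connecting IP has no PTR record.
    return ptr is None

def drop_ptr_mismatch(ptr, sender, other):
    # Hard reject when the PTR is missing or its domain differs from the sender's.
    return ptr is None or org_domain(ptr) != org_domain(sender.rsplit("@", 1)[1])

def weighted(ptr, sender, other):
    # Missing PTR adds weight; an existing PTR earns no credit (no negative weight).
    return other + (NO_PTR_WEIGHT if ptr is None else 0) >= HARD_FAIL

def evaluate(policy):
    """Return (false positives, false negatives) as lists of sample labels."""
    fp, fn = [], []
    for label, ptr, sender, other, is_spam in SAMPLES:
        rejected = policy(ptr, sender, other)
        if rejected and not is_spam:
            fp.append(label)
        elif not rejected and is_spam:
            fn.append(label)
    return fp, fn

if __name__ == "__main__":
    for policy in (drop_no_ptr, drop_ptr_mismatch, weighted):
        fp, fn = evaluate(policy)
        print(f"{policy.__name__:18} false positives={fp} false negatives={fn}")
```

On these samples the mismatch check stops the bot but also rejects the third-party newsletter, while the weighted score lets the missing PTR tip only the relay that other tests already scored high.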

 
