[ExchangeList] Re: IMF config

  • From: "Taylor, George" <gtaylor@xxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 2 Jun 2006 12:02:56 -0600

I'm guessing we won't agree on this point.  It's not an end to beat all
ends, but it is one additional step I take.  Although the infected home
computer might have a PTR record, it's not going to hit your SMTP server
and say "I'm spammer@xxxxxxxxxxxxxxxxxxxx" it's going to claim it's
john@xxxxxxxxxxxxxxxxxxx or something, therefor will never pass a
reverse lookup.  As I said before, I drop the connection at that point,
my spam/virus scanners don't have to churn through the message and make
the decision.
 
As we all know, we'll never beat spammers, I just take this additional
step to help protect my users and my systems.  Do I get false positives?
You bet and when we find them I fix them.  We also get false positives
from the weighting system within Surf Control.  Good example, enable a
hate filter and then explain to a group of doctors why they didn't get
the detailed invitation to a suicide prevention workshop.  Everything is
flawed to some extent, we just do the best we can.
 
George Taylor
Systems Programmer
Regional Health Inc.
 

  _____  

From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Friday, June 02, 2006 11:25 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config



George, while Jim has already discredited your view, I will chime in
here as well.

 

I am heavily involved in e-mail servers and the war on spam. I can tell
you very firmly that it is not standard practice to require a valid RDNS
for both the reason that is stated by Jim and others and also for the
reason that presence of a PTR means nothing in the war on spam. Just
because a sending MTA has a PTR for its IP means didly-squat. Just look
at the virus infected home computers and laptops that are acting as
robot relays spewing millions (or is it billions now) of spam per day.
You know what, probably 90% of them have a PTR record for their IP
address. 

 

The best anti-spam software are those based on a weighting system.
(Guess what, bayes based/type systems are at the root a weighting
system.) Generally speaking, those are configured to give no more than
25% of a hard fail weight to the lack of a PTR record, and nothing
meaning no negative weight to the existence of a PTR record. 

 

John T

eServices For You

 

"Seek, and ye shall find!"

 

-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Taylor, George
Sent: Friday, June 02, 2006 8:05 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config

 

Hmmm, should I dance around like a god?  or do they even dance?  :-)

 

I have to disagree with you John.  It is standard practice to require a
valid RDNS lookup in order to except a piece of mail.  Basically all you
are doing is verifying that the sender is in fact who they say they are,
or should I say the server connecting to your server is who it is
advertising itself as.  As you say, take a look at the real world:

 

A guy walks into your mailroom wearing a purple shirt with a unibomber
emblem and says "Take this package, it's from UPS..."  What's your mail
clerk going to say?  "I'll take it because I don't care who you are, I
just take all packages addressed to me..."?  I hope not, that's how
things get blown up, that's how your email system will get blown up with
viruses, spam, threats, etc...  If you cannot verify the origin of a
piece of mail and you except it anyways, you put yourself at risk, a
conscience email administrator is not going to allow that.

 

 

Just my .02

 

George Taylor

Systems Programmer

Regional Health Inc.

 

 

  _____  

From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Thursday, June 01, 2006 5:07 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config

Andrew, please tell me you are not actually considering doing this.

 

Yes, the big want-to-be Internet God's such as America Off Line
block/refuse on no PTR, but that is not practical in the real world as
the rest of us know it. Besides, I think America Off Line is just trying
to get on Dan Quails' good side, if he has one.

 

John T

eServices For You

 

"Seek, and ye shall find!"

 

-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
Sent: Thursday, June 01, 2006 4:05 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config

 

Is there anyway to get IMF to drop emails that fail reverse lookup?

 

Thanks

Andrew

 

Other related posts: