[THIN] Re: OT: very wierd email problem

  • From: Henry Sieff <hsieff@xxxxxxxxxxxx>
  • To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
  • Date: Wed, 24 Mar 2004 12:04:24 -0600

Although I agree that rDNS is not a kill-all, it doesn't work quite as you
describe; the email address in the From: line isn't what the mail servers
use for the rDNS; rather, it's the IP address of the mail relay being used to
send. IIRC, the most commonly used ones don't care if, say, mail
from:user@xxxxxxxxxxx comes via mailserver.domain2.com as long as the IP
address of the server connecting resolves to an FQDN. Using it WILL cut down
on the amount of spam (open up the headers of some spam you've received and
you will see that many come from mail servers without rDNS entries, unless
your mail server is already set to deny that).

I picked one at random from my spam trap:
http://www.dnsstuff.com/tools/ptr.ch?ip=195.240.199.238 shows that the
sending mail relay lacks a rDNS entry.

It's not a GREAT solution, because not all spam comes from servers w/o PTR's,
and legitimate email often does come from servers w/o PTR's. However, imo
lacking a valid PTR for a mail server (or any other internet server) is a
misconfiguration that should be corrected. (Many server side bayesian spam
solutions use the lack of a PTR as one token among many when it comes to
making their decisions, since lacking the PTR increases the chance that the
mail is spam.)

I'll go one further: if you run sendmail, you can find many open sourcey
bayesian spam filters which are free, so I don't think the admins who have
enabled this feature are doing so out of lack of budget. More likely, it's a
decision made out of irritation with improperly configured DNS's and SPAM,
and the decision that the slight cost of losing mail from misconfigured
domains is outweighed by the clear reduction in spam in using it. *X admins
can be a grumpy lot, and mostly it is them that use this sort of thing.

> -----Original Message-----
> From: Nick Smith [mailto:nick@xxxxxxxxxxxxxxx]
> Sent: Wednesday, March 24, 2004 11:07 AM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: OT: very wierd email problem
> 
> 
> It seems to be happening thusly;
> 
> Management: We want something done about spam
> Technicians: Sure, there's this great anti-spam software, it costs about
> $50/user
> CIO: I don't have any budget left
> Management: We're not giving you more budget, and we still want
> something done about spam.
> Technicians: Uhhh, well, we can activate this reverse DNS thing on our
> server. That won't cost anything..
> CIO: Great, do it
> Technicians:...but spammers always fake legitimate addresses so it won't
> do any good.
> CIO: <After pause> Don't tell Management. <To Management> Well, we've
> activated reverse DNS.
> Management: Hoooray. We have proactively Done Something about Spam. And
> it cost nothing. Doubles and bonuses all round.
> Technicians: Let's go play Quake. It's more productive.
> 
> Presumably it's along the same lines that everyone activated their "It
> would be really nice to tell people they've sent a virus tick box". No
> it &(**& wouldn't, it's always a fake address!!!! Turn the blo*dy things
> off, please!
> 
> <Bored of telling users "no, you're not sending a virus. I know the
> email says you are. Look, just trust me on this..." 20 times a day>.
> 
> 
> 
> -----Original Message-----
> From: Robert K Coffman Jr - Info From Data Corporation
> [mailto:bcoffman@xxxxxxxxxxxxxxxx]
> Sent: 24 March 2004 16:46
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: OT: very wierd email problem
> 
> This is becoming extremely common.
> 
> - Bob Coffman
> 
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
> Behalf Of Henry Sieff
> Sent: Wednesday, March 24, 2004 11:07 AM
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: OT: very wierd email problem
> 
> 
> I just checked both of your domains; for your mail server on each one
> you lack a rDNS ptr record. Many mail servers out there are configured
> to just dump mail which comes from servers w/o a rDNS PTR. Fix it, and
> I'd wager the problem with that domain (and probably others you don't
> know about) will go away.
> 
> http://www.dnsreport.com/tools/dnsreport.ch?domain=Prairietitle.com
> http://www.dnsreport.com/tools/dnsreport.ch?domain=vdimail.com
> 
> Henry
> 
> 
> 
> ********************************************************
> This weeks sponsor Emergent Online.
> Emergent OnLine is the leading server-based computing consulting
> integration firm in the nation. Emergent OnLine delivers expert
> consulting services you can depend on.
> http://www.go-eol.com
> **********************************************************
> Useful Thin Client Computing Links are available at:
> http://thin.net/links.cfm
> ***********************************************************
> For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
> use the below link:
> http://thin.net/citrixlist.cfm
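The reverse-DNS check described in the reply at the top of this message, as an added example that is not part of the original post: the receiving server looks up the PTR record for the connecting relay's IP and never consults the sender address. The function names, the sample addresses (documentation ranges, constructed) and the `no-ptr` token name are assumptions made for illustration.

```python
import ipaddress
import socket

# Constructed PTR data standing in for live DNS (documentation address ranges).
SAMPLE_PTR = {
    "10.2.0.192.in-addr.arpa": "mailserver.domain2.example",
}


def reverse_name(ip):
    """Name a receiving server queries for the PTR record of a connecting IP."""
    return ipaddress.ip_address(ip).reverse_pointer


def lookup_ptr(ip, table=None):
    """Return the PTR hostname for ip, or None when there is no record.

    With a table, answers come from it (offline use); otherwise the
    system resolver is asked.
    """
    if table is not None:
        return table.get(reverse_name(ip))
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def rdns_verdict(peer_ip, mail_from, table=None, hard_reject=True):
    """Decide on the connecting relay's IP only.

    mail_from is carried for logging and is deliberately never compared
    with the PTR hostname: mail for one domain relayed through another
    domain's server passes as long as that server's IP has a PTR.
    """
    host = lookup_ptr(peer_ip, table)
    if host:
        return {"action": "accept", "ptr": host, "tokens": [], "sender": mail_from}
    if hard_reject:
        # Strict policy: drop mail from relays without a PTR record.
        return {"action": "reject", "ptr": None, "tokens": [], "sender": mail_from}
    # Scoring policy: pass the missing PTR to a content filter as one token.
    return {"action": "accept", "ptr": None, "tokens": ["no-ptr"], "sender": mail_from}


if __name__ == "__main__":
    print(rdns_verdict("192.0.2.10", "user@domain1.example", SAMPLE_PTR))
    print(rdns_verdict("198.51.100.7", "user@domain2.example", SAMPLE_PTR))
    print(rdns_verdict("198.51.100.7", "user@domain2.example", SAMPLE_PTR, hard_reject=False))
```

Calling `rdns_verdict` without a `table` performs a live lookup through the system resolver instead of the constructed data.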