[AusNOG] [SHAME] spamrats.com

Anand Kumria akumria at acm.org
Thu Jan 10 18:55:03 EST 2013


On 10 January 2013 05:59, Noel Butler <noel.butler at ausics.net> wrote:
> On Thu, 2013-01-10 at 13:08 +1000, Julian DeMarchi wrote:
>
> On 01/10/2013 01:04 PM, Paul Fraser wrote:
>> Not that I agree with it, but I thought this was pretty much the norm as a
>> spam mitigation technique...
>
> A /32 yes. You can't block a whole /24 for no PTRs... I wouldn't be
> running 252 mail servers on one subnet...
>
>
> RFC 1912, Section 2.1 says every Internet-reachable host should have a name
> and "Make sure your PTR and A records match" and "For every IP address,
> there should be matching PTR record in the in-addr.arpa domain"
>
> its DNS 101

Note that it is not a *MUST* requirement, nor even a *SHOULD*.

And, frankly, _depending_ upon PTR records in 2013 is just plain daft.

% host -t mx gmail.com
gmail.com mail is handled by 30 alt3.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 40 alt4.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 20 alt2.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 5 gmail-smtp-in.l.google.com.
gmail.com mail is handled by 10 alt1.gmail-smtp-in.l.google.com.

% host gmail-smtp-in.l.google.com.
gmail-smtp-in.l.google.com has address 173.194.70.26
gmail-smtp-in.l.google.com has IPv6 address 2a00:1450:4001:c02::1b

% host 173.194.70.26
26.70.194.173.in-addr.arpa domain name pointer fa-in-f26.1e100.net.

% host 2a00:1450:4001:c02::1b
b.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.c.0.1.0.0.4.0.5.4.1.0.0.a.2.ip6.arpa
domain name pointer fa-in-x1b.1e100.net.

The lack, or mismatch, between advertised name and PTR records should
just be used as a signal to a reputation service.

A recent post from someone who works in this area (disclosure; I don't
use their service at this time) covers the kinds of signals you'd
generally expect to us.

http://rolandturner.com/2012/12/14/a-defensive-strategy-for-accepting-email-over-ipv6

I realise that this doesn't help the OP but I just wanted to ensure
that people know that PTR records are a defining anti-spam mechanism
are very outdated.

Regards,
Anand

-- 
“Don’t be sad because it’s over. Smile because it happened.” – Dr. Seuss



More information about the AusNOG mailing list