[AusNOG] IPv6 reverse DNS and Mail ...

Scott Howard scott at doc.net.au
Tue May 21 02:35:53 EST 2013


These customers you talk about, are they the same customers that complain
when a single spam message gets through?  Do the "business needs" your
talking about include blocking phishing attacks and other security risks
for the business?

Keeping bad and malicious email out of the end users mailbox *is* a part of
the service that people provide for their customers.  Blocking connections
from hosts without PTR records is one of the many (many!) mechanisms that
people can elect to use or not to use to achieve it.  I've worked for 3 of
the major anti-spam providers, and worked with countless others, and can
attest to the fact that it's a good mechanism for most people.

Given that you picked Google as an example, I challenge you to find a
single SMTP sending host at Google that doesn't have a PTR record.  You
won't find one. Like any worthwhile sender they recognize that setting up a
mail server means making sure that DNS is setup correctly - not just MX
records, but also PTR records.

Discussions around RFC's are largely irrelevant. Until recently, every
worthwhile spam product was non-RFC compliant (hint: drop a message, or
even put it in a quarantine- you're breaking RFC2821). RFC5321 mostly
resolved that issue, but even so...

  Scott



On Mon, May 20, 2013 at 7:38 AM, Shane Short <shane at short.id.au> wrote:

>
> On 20/05/2013, at 6:04 PM, Noel Butler <noel.butler at ausics.net> wrote:
>
> > On Mon, 2013-05-20 at 16:28 +1000, Reuben Farrelly wrote:
> >
> >
> >> "They don't have a PTR record" isn't an explanation that will cut it to
> >> non IT people, generally, and after the blank look has subsided you'll
> >
> > "Sorry,  but we see that X has failed one of our many anti spam measures
> so was rejected" - That's good enough. It's been good enough for past near
> 20 years, fail to see why WE should change, just to appease lazy system
> admins, if they can't do their job properly, maybe their employers should
> know, so they can be replaced by someone who will do the job properly.
> >
>
> Not to call anyone out in particular, the general contempt some sysadmins
> show for their users is phenomenal-- sometimes I think people forget why we
> have these networks in place. We run these networks to service a customer
> or business need, not to give you toys to play with during the day.
>
> If the customer isn't getting their mail, you're not doing your job. You
> can't dismiss the person with "oh the other end is doing something I don't
> like so I'm rejecting their email"
>
> So what if someone on the other end of the world haven't set up rDNS
> properly on a box? Google don't set up any rDNS on much of their network
> infrastructure, which bothers me, shall I blackhole their traffic? I bet
> that'd last a whole 30 seconds before someone bitches me out.
>
> -Shane.
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130520/d1e83ca4/attachment.html>


More information about the AusNOG mailing list