GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: Reverse DNS [7:84316] posted 02/13/2004
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


If/When SPF gains wider acceptance, it'll probably make the reasons
being doing reverse lookups somewhat less valid and there will be less
reason for this practice (though it still has it's place.

For those who don't know, SPF allows the sending domain to specify (via
DNS) which servers are Sender Permitted From.  The receiving server will
check the DNS for the domain the sending server claims to be from, and
ensure that the sending server's IP matches one of the SPF records for
that domain.  However, it's also backward compatible with existing SMTP
specs.  Meaning that if there are no SPF records for a given domain, all
email from that domain will be accepted regardless of what server is
doing the sending.

This will allow clueful admins to protect the integrity of their domain
name by publishing SPF records.  I imagine AOL, Yahoo, Hotmail,
Earthlink etc. will jump on this opportunity to reduce forgery of emails
from their domain.  However, since it will (at least initial) allow
email from non-SPF domains by default, spammers can still take advantage
of open relays, so long as the domain they forge doesn't use SPF.

I suspect that once this system reaches critical mass, it will become
common practice to only accept email from domains using SPF.  This will
mean that email will ALWAYS be from the domain it claims to be from, but
at the expense of backward compatability, and problems with servers on
dynamic IP addresses.

It's not a panacea, but it's certainly a step in the right direction. 

-----Original Message-----
From: Priscilla Oppenheimer [mailto:nobody@xxxxxxxxxxxxxx] 
Sent: Thursday, February 12, 2004 5:05 PM
To: cisco@xxxxxxxxxxxxxx
Subject: RE: Reverse DNS [7:84316]

We discussed this last week too. See the thread from 2/06/04 called "dns
question/observation." The poster was trying to find out how prevalent
it is for there to be a reverse DNS record for an e-mail sener. He was
on the other side, as a user of an anti-spam mechanism that uses reverse
DNS, if I recall correctly.

He concluded this:

"Last posting on this. The feedback received here, offline and from
another list is that while it is a good practice to have a ptr rr it
isn't required to send mail. Greatly summarizing the responses received
the tone seems slightly in favor of performing reverse lookups as a
countermeasure to spam but there are strong feelings and reasons for not
doing so. Based on these inputs we're going to turn off the reverse
lookup but offline run reverse lookups on mx hosts identified in the
logs to see if we can more deterministically describe the magnitude of
the issue."

Good luck! Maybe someday this mess will get better. Bill Gates claims
that it will! :-)

Priscilla

Adam Frederick wrote:
> 
> Hello again I ran across an issue today w/ an outfit called "SpamCop."
> Well, they must have some kind of spam software for businesses and 
> have blocked my mail server from sending to certain companies because 
> I have no reverse DNS.  This mailserver has been up and running for 
> years and we've never had such problems.  We upgraded to Exchange 2000

> about 5 months ago and never had any problems, until Today.  I went 
> out and did a query on my IP and just like above it says "no reverse 
> dns."
> Any ideas?
> Anyone had this happen before? I have reverse DNS setup internally but

> I know that's not helping the outside world. Thanks Adam
> 
> ----------------------------------------------------------------------
> --
> 
> Keep up with high-tech trends here at "Hook'd on Technology."
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=84323&t=84316
--------------------------------------------------
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html