Slashdot Mirror


Ask Slashdot: Is Reverse DNS a Worthy Standard For Fighting Spam?

drmartin66 makes it to the front page with this question: "Last weekend I installed a new spam filter server for a client, and enabled connection rejection if the sending server did not have a Reverse DNS record. Since then, I have had a number of emails rejected from regulator bodies that do not have a Reverse DNS record, and are refusing to have one created for their email server. What is your opinion of Reverse DNS records? Are they (or should they be) a standard, and required? Or are they useless for spam fighting?"

8 of 301 comments

  1. rDNS by alphatel · · Score: 5, Insightful

    Like all things spam, marking the message as bad automatically is generally discouraged. If you simply increase the SCL value by some reasonable number, and continue to raise SCL based on other soft violations (like spamhaus, surbl, etc), you will rarely put good senders in the junk email folder, and very frequently be able to reject most spam content.

    --
    When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
  2. Better Question... by RedACE7500 · · Score: 4, Insightful

    What reason would anyone have to be running an SMTP server without a PTR record?

    1. Re:Better Question... by Anon-Admin · · Score: 4, Interesting

      I hate to say it but you have way too high of an expectation of ISPs.

      I have a static address on a business account via a major ISP. I have a Domain name and have DNS. My DNS resolves to www.mycompany.com but the ISP has the PTR set to 111.222.333.444.static.ISPDOMAIN.COM

      They will not change it no matter what I ask and E-mail from my domain through my e-mail server is rejected because the PTR does not match the A record. It has gotten so bad that I had to pay for a mail relay host to push my mail through. To me, this is a risk because they (The relay) could intercept, monitor, or filter the private e-mail between me and my customers which would directly affect my business.

      So, personally I say it is a bad idea!

    2. Re:Better Question... by omnichad · · Score: 3, Informative

      You don't need IP delegation. Most ISPs offering business class Internet will just set the reverse DNS records up for you on your static IP address. Yes, you have to get in touch with their support, and yes, you have to get a rep that knows what you're talking about - but there's typically not even an extra charge.

  3. No by TheCarp · · Score: 3, Interesting

    You know....I hate spam. It made usenet useless for years, it continues to degrade the usefulness of email, spammers steal resources and are underhanded dickwads.

    All that said, some of the anti-spam people are ridiculous zealots who don't care who gets caught in the crossfire.

    I have a server in colo. It's my mail server, but it also does a number of other things. Until recently, it ran a tor node. Why? Because I had sooo much more allocated bandwidth than I was using on a monthly basis that it cost me nothing extra to run. Ran it for at least 6 years on the same node.

    It's now shut off, why? Because some idiots at Spamhaus decided that running a tor server was suspect. Never mind that it was disallowed from exiting on port 25, which is publicly posted info in its service descriptor....no... Of course, I think they are also fooled by the fact that several windows users have shell accounts and use it as a web proxy.... so somehow my box also was infected with a Windows trojan according to these geniuses.

    We got it cleared up, but still are not able to donate excess bandwidth allowance to the tor network.... which is bad enough, but this isn't the first time I have had my server blacklisted for no good reason at all. I don't even remember what BS it was last time, just that it was... BS.

    Now will this kill me? No.... I have reverse DNS set up and have for years but...come on.... seriously? Bouncing mail sucks, especially when you suddenly start doing it to whole domains.

    If it were just me, my opinion is that anyone using one of these RBLs has a misconfigured mail server, I wouldn't have "fixed it".... but I host other people's email domains, so the black ball tactics worked.

    --
    "I opened my eyes, and everything went dark again"
  4. Get another one, then. by khasim · · Score: 3, Informative

    If email is important to your organization then the cost of a correctly configured mail server is insignificant.

    Seriously, your email server can be anywhere in the world. There's no reason that you have to go through a specific ISP. Even if they're blocking port 25, you can get a different ISP to accept mail from you on a different port. Even Google offers that option.

  5. Re:Depends on how badly you want mail.... by Just+Some+Guy · · Score: 5, Informative

    It's been a long time since I wrote up some spam-filtering instructions, but I'd still stand by most of my recommendations. In general, yes: just increase the spam score. I do have several litmus tests, though. If you fail one of these, I'm not accepting your mail:

    • Your HELO has to send something that actually looks like a hostname. "server" doesn't work, and neither does "5626^^^". Rationale: a server this badly misconfigured is either a spambot or so horribly broken that I don't want to talk to it. I look at the output of this rule from my logs and I've literally never seen anything blocked that looked like it might have been legitimate.
    • Don't send me my own hostname in the HELO. You're lying. The only reason to do this is to trick me into relaying for you.
    • Don't send mail From: an unresolvable address. "someone@server" isn't a legitimate email address. Neither is "joe@nonexistent.example.com". If it would be impossible to send you a reply because the address you've given can't possibly be valid, I don't need to hear from you.
    • I use zen.spamhaus.org, bl.spamcop.net, and b.barracudacentral.org to generate a likely spam score for incoming servers. If their combined score exceeds a certain threshold, I outright block email from that server. A server might accidentally end up on a blacklist, but it's unlikely that one would accidentally end up on more than one of those (in my opinion and experience) very conservative lists.

    "Be liberal with what you accept" is a great idea to a point, but there are some things that correlate very strongly with spamminess. Back to the subject at hand: I don't think that lack of reverse DNS is one of those things.

    --
    Dewey, what part of this looks like authorities should be involved?
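
The policy described in comments 1 and 5 above, as an added example that is not part of any poster's comment: hard rejects for the three litmus tests, a combined DNSBL score, and missing reverse DNS counted only as a soft signal. The weights, thresholds, the `resolvable_domains` stand-in for a live DNS lookup, and all names here are assumptions; the thread gives none.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed weights and thresholds (assumptions; the thread gives no numbers).
DNSBL_WEIGHTS = {"zen.spamhaus.org": 3, "bl.spamcop.net": 2, "b.barracudacentral.org": 2}
DNSBL_REJECT_AT = 4   # no single listing reaches this; two listings do
NO_RDNS_PENALTY = 1   # missing PTR is a soft signal, never a reject on its own
JUNK_AT = 3

LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
FQDN = re.compile(rf"^(?:{LABEL}\.)+[A-Za-z]{{2,63}}$")

@dataclass
class Connection:
    helo: str
    mail_from: str                 # envelope sender; "" is a bounce
    ptr: Optional[str]             # reverse DNS name of the client IP, None if absent
    dnsbl_hits: set = field(default_factory=set)

def evaluate(conn, my_hostname, resolvable_domains):
    """Return (verdict, score, reasons); verdict is 'reject', 'junk' or 'accept'.
    resolvable_domains stands in for a live DNS lookup of the sender domain."""
    helo = conn.helo.strip().lower()
    if not FQDN.match(helo):
        return "reject", 0, ["HELO is not a hostname"]
    if helo == my_hostname.lower():
        return "reject", 0, ["HELO claims to be this server"]
    domain = conn.mail_from.rpartition("@")[2].lower()
    if conn.mail_from and (not FQDN.match(domain) or domain not in resolvable_domains):
        return "reject", 0, ["sender address cannot receive a reply"]
    bl = sum(DNSBL_WEIGHTS.get(zone, 0) for zone in conn.dnsbl_hits)
    if bl >= DNSBL_REJECT_AT:
        return "reject", bl, ["combined DNSBL score over threshold"]
    score, reasons = bl, [f"listed on {zone}" for zone in sorted(conn.dnsbl_hits)]
    if conn.ptr is None:
        score += NO_RDNS_PENALTY
        reasons.append("no reverse DNS")
    return ("junk" if score >= JUNK_AT else "accept"), score, reasons

if __name__ == "__main__":
    # Constructed sample: a clean sender whose mail server has no PTR record.
    sample = Connection("mail.regulator.example", "notices@regulator.example", None)
    print(evaluate(sample, "mx.client.example", {"regulator.example"}))
```

With these constructed weights, a sender with no PTR and nothing else against it is accepted with a score of 1, while the same sender with one DNSBL listing lands in junk.
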
  6. It's a poor differentiator by sjames · · Score: 3, Insightful

    Filtering based on lack of rDNS is an old technique that actually did a good job of detecting spam without an excess of false positives for about a week in the late '90s. It has for some reason become enshrined as policy by a great many people now. These days it is occasionally a better indicator of NOTspam since the spammers all make sure they have rDNS set up and have done so since that week or so in the '90s.

    Consider, if someone in a striped shirt wrote your business a bad check a decade ago, would you maintain a policy of not doing business with people who wear striped shirts?