[ale] reverse DNS & spam (was: godaddy for DNS)

Jim Kinney jim.kinney at gmail.com
Thu Dec 29 23:08:01 EST 2011


John,
You are correct. Reverse lookup is to get a name from an IP address. A few
years back in an effort to stem the spam flood, many mail servers began to
require a valid reverse DNS lookup. This helped block spoofed IP addresses.
It did nothing else. Due to how most ISPs now manage their networks from an
IP standpoint, rogue IP addresses are not as common.

That said, as long as your IP address has valid reverse lookup data, you
should be OK. Most valid lookup data will basically identify the source IP
address and the ISP name or ISP domain.

For instance: I have the domain name jimkinney.us which resolves to
70.88.182.245. A dig -x shows the reverse is
70-88-182-245-Atlanta.hfc.comcastbusiness.net which identifies my IP and my
ISP and my region. This seems to be quite common now.

Some ISPs will set your reverse DNS data to match your domain name. So far
that seems to also require that your domain name be hosted with them as
well.

On Thu, Dec 29, 2011 at 9:33 PM, John Heim <john at johnheim.net> wrote:

> Wait a minute, something doesn't make sense to me. Why would a mail system
> do a reverse lookup as a way to prevent spam? So the smtp client connects to
> the mail server, the socket says the connection is from 66.170.20.226 and
> the smtp headers say it's from lists.iavit.org. If you look up
> lists.iavit.org, it does resolve to 66.170.20.226. That should be fine
> because if I'm a spammer and I'm using an account on 66.170.20.226, I'm
> going to say I'm somebody *else*. You know, I say I'm
> Bill.Gates at microsoft.com or something. If you look up microsoft.com, you
> don't get 66.170.20.226. Really, just the fact that lists.iavit.org and
> iavit.org resolve to the IP address of the smtp client should be enough. How
> is a spammer going to fake that? Yeah, I'm sure they could but it would be a
> heckuva lot of work.
>
> There is this SPF record thing where it asks the DNS server for hosts
> allowed to send mail for that domain. That makes sense to me. I can
> understand that. But I don't get the reverse lookup thing. It seems to me
> that would block a lot of legitimate mail for no reason.
>
> Maybe I'm getting "reverse DNS" mixed up with something else. A forward
> lookup is when you take a name and get an IP address from it. Reverse lookup
> is when you take the IP and get its name. Right?
>
> --
-- 
James P. Kinney III

As long as the general population is passive, apathetic, diverted to
consumerism or hatred of the vulnerable, then the powerful can do as they
please, and those who survive will be left to contemplate the outcome.
- 2011 Noam Chomsky

http://heretothereideas.blogspot.com/
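
An added example (not part of the original message) of the check discussed in this thread: look up the PTR name for the connecting IP, then confirm that the name resolves back to the same IP. The PTR name for 70.88.182.245 is the one quoted in the message; that it resolves back to that IP, the other records (RFC 5737 documentation addresses), the function names and the accept/reject policy are assumptions constructed for illustration.

```python
import socket

def ptr_lookup(ip):
    """Reverse lookup: IP -> name (what `dig -x` shows), or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def a_lookup(name):
    """Forward lookup: name -> set of IP addresses (empty if none)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_client(ip, helo, ptr=ptr_lookup, fwd=a_lookup):
    """Classify an SMTP client under an assumed rDNS-enforcing policy."""
    name = ptr(ip)
    if name is None:
        return "reject: no PTR record"
    # Forward-confirm: the PTR name must resolve back to the client IP.
    if ip not in fwd(name):
        return "reject: PTR name does not resolve back to client IP"
    if name.rstrip(".").lower() == helo.rstrip(".").lower():
        return "accept: forward-confirmed, PTR matches HELO"
    # Valid but generic ISP-assigned name, as in the jimkinney.us case.
    return "accept: forward-confirmed, generic ISP PTR"

# Constructed zone data so the example runs offline.
PTR = {
    "70.88.182.245": "70-88-182-245-Atlanta.hfc.comcastbusiness.net",
    "192.0.2.20": "mail.example.org",   # PTR exists, forward mismatch
    "192.0.2.30": "mail.example.net",   # PTR matches HELO
}
A = {
    "70-88-182-245-Atlanta.hfc.comcastbusiness.net": {"70.88.182.245"},
    "mail.example.org": {"192.0.2.99"},
    "mail.example.net": {"192.0.2.30"},
}

def demo(ip, helo):
    """Run check_client against the constructed records above."""
    return check_client(ip, helo, PTR.get, lambda n: A.get(n, set()))

if __name__ == "__main__":
    for ip, helo in [("70.88.182.245", "jimkinney.us"), ("192.0.2.10", "x.example"),
                     ("192.0.2.20", "mail.example.org"), ("192.0.2.30", "mail.example.net")]:
        print(ip, helo, "->", demo(ip, helo))
```

Calling check_client(ip, helo) without the last two arguments uses the system resolver instead of the constructed records.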