> Wouldn't  the  spammer/attacker need to have delegated authority over
> the  source  ip  address  space and control of DNS infrastructure to
> forge a PTR record?

Well,  either delegated authority *or* a subscriber agreement with the
ISP  that  allows  PTRs  to  be requested/modified. For example, I can
write  to  my  DSL  provider  and  have the PTRs for my small IP block
changed  to  whatever  I  want.  I  don't  have  a  management  UI nor
delegation to my own NSs, but I can easily get it done.

Again,  we're  talking  about  a  targeted  attack.  Given  sufficient
motivation/payoff  for  such  an attack, a forged PTR is going to be a
lot  easier  to  make  happen  than an altered SPF record, let alone a
spoofed IP.

> I  have  been  doing  this  a  while and I don't recall ever seeing a
> message   whitelisted  due  to  forged  revdns,  I  use  revdns  for
> whitelisting heavily.

Me  too,  I'm  not  saying  it's  commonly  abused,  but  in  terms of
feasibility  I  just had to point out that MAILFROM w/forward-only SPF
mechanisms  is  less  vulnerable  to  forgery  than MAILFROM w/PTR SPF
mechanism or REVDNS alone.

-- S.


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
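
The distinction the reply above draws between forward-only SPF mechanisms and the PTR mechanism can be checked before a sender domain is trusted for MAILFROM whitelisting. The following is an added example, not part of the original message: it sorts the mechanisms of an SPF record into those that rely only on forward lookups and those that depend on reverse DNS. The domains, records and function names are constructed for illustration.

```python
# Added example: find SPF mechanisms whose result depends on reverse DNS.
# All domains and records below are constructed sample data.

FORWARD_ONLY = {"all", "ip4", "ip6", "a", "mx", "include", "exists"}
QUALIFIERS = "+-~?"

SAMPLES = {
    "forward.example": "v=spf1 ip4:192.0.2.0/24 mx include:_spf.forward.example -all",
    "reverse.example": "v=spf1 a ptr:reverse.example ~all",
    "mixed.example": "v=spf1 +ip6:2001:db8::/32 ptr redirect=_spf.mixed.example",
}


def parse_mechanisms(record):
    """Return (mechanism name, original term) pairs for an SPF v1 record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        if "=" in term.partition(":")[0]:
            continue  # modifier (redirect=, exp=), not a mechanism
        body = term[1:] if term[0] in QUALIFIERS else term
        # The name ends at ":" (argument) or "/" (CIDR length, as in "a/24").
        name = body.partition(":")[0].partition("/")[0].lower()
        parsed.append((name, term))
    return parsed


def audit(record):
    """Group a record's mechanisms by the kind of DNS lookup they rely on."""
    report = {"forward_only": [], "reverse_dns": [], "unknown": []}
    for name, term in parse_mechanisms(record):
        if name == "ptr":
            report["reverse_dns"].append(term)
        elif name in FORWARD_ONLY:
            report["forward_only"].append(term)
        else:
            report["unknown"].append(term)
    return report


def ok_for_whitelist(record):
    """True when no mechanism in the record depends on a PTR lookup."""
    report = audit(record)
    return not report["reverse_dns"] and not report["unknown"]


if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        print(domain, ok_for_whitelist(record), audit(record)["reverse_dns"])
```

Mechanisms pulled in through `include:` or `redirect=` are not followed here, so each referenced record needs the same check.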
