> wouldn't the spammer/attacker need to have delegated authority over
> the source ip address space and control of DNS infrastructure to
> forge a PTR record?

Well, either delegated authority *or* a subscriber agreement with the ISP that allows PTRs to be requested/modified. For example, I can write to my DSL provider and have the PTRs for my small IP block changed to whatever I want. I don't have a management UI nor delegation to my own NSs, but I can easily get it done.

Again, we're talking about a targeted attack. Given sufficient motivation/payoff for such an attack, a forged PTR is going to be a lot easier to make happen than an altered SPF record, let alone a spoofed IP.

> I have been doing this a while and I don't recall ever seeing a
> message whitelisted due to forged revdns, I use revdns for
> whitelisting heavily.

Me too, I'm not saying it's commonly abused, but in terms of feasibility I just had to point out that MAILFROM w/forward-only SPF mechanisms is less vulnerable to forgery than MAILFROM w/PTR SPF mechanism or REVDNS alone.

-- S.

---
This E-mail came from the Declude.JunkMail mailing list.
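
Added example (not part of the original post): an offline audit that lists the terms of an SPF record whose evaluation starts from the connecting IP's reverse DNS, as opposed to the forward-only mechanisms discussed in the message above. The function name `audit_spf` and the sample records are constructed for illustration; records reached through `include` or `redirect=` are not fetched.

```python
import re

# Mechanisms evaluated from literal addresses or forward DNS lookups only.
# `include` is listed here, but the record it points to is not fetched or audited.
FORWARD_ONLY = {"all", "ip4", "ip6", "a", "mx", "include", "exists"}
# The %{p} macro expands to the validated PTR name of the connecting IP.
PTR_MACRO = re.compile(r"%\{p\d*r?[.\-+,/_=]*\}", re.I)
# A modifier has the form name=value (redirect=, exp=, or an unknown one).
MODIFIER = re.compile(r"^[a-z][a-z0-9_.-]*=", re.I)

def audit_spf(record):
    """Return (term, reason) for every term that depends on the sender's reverse DNS."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    findings = []
    for term in terms[1:]:
        if PTR_MACRO.search(term):
            findings.append((term, "%{p} macro expands from the PTR of the connecting IP"))
            continue
        if MODIFIER.match(term):
            continue  # modifier without a PTR macro; its target is not followed
        # Strip the qualifier (+ - ~ ?) and any :domain or /cidr argument.
        name = re.split(r"[:/]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        if name == "ptr":
            # RFC 7208 section 5.5 says this mechanism SHOULD NOT be published.
            findings.append((term, "ptr mechanism starts from the PTR of the connecting IP"))
        elif name not in FORWARD_ONLY:
            findings.append((term, "unknown mechanism"))
    return findings

# Constructed sample records (example.com and 192.0.2.0/24 are documentation values).
SAMPLES = [
    "v=spf1 ip4:192.0.2.0/24 mx a:mail.example.com -all",
    "v=spf1 ptr:example.com mx ~all",
    "v=spf1 +PTR exists:%{p}.trusted.example.com -all",
]

if __name__ == "__main__":
    for rec in SAMPLES:
        hits = audit_spf(rec)
        print(rec, "->", "forward-only" if not hits else hits)
```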