Jim Reid wrote : > Reverse DNS does [have] uses, even for IPv6. They are not necessarily > related to authentication. When reverse lookups of the hosts sending > me email don't work, this is almost always an indication of spam. It > would be nice to use this heuristic as the first line of defence > against spam in an IPv6 world.
Exactly. Reverse DNS does provide a useful non-security function that cannot easily be provided in any other way, when I can force my MTA to bounce e-mails with an envelope sender of "[EMAIL PROTECTED]" but a source IP address that reverses to "lsanca1-ar16-4-46-004-002.lsanca1.$BIGILEC.net". This is not a security-relevant feature, but it is a quite useful one. I'd prefer to be able to receive e-mails from valid $FREEMAIL users *and* to be able to receive e-mails from folks with DSL connections through $BIGILEC, while blocking folks who are forging headers/senders. Reverse DNS does allow me a good capability to do that, as a countermeasure for folks who are spamming from home or (ab)using misconfigured home/SOHO systems with good bandwidth. Dean, since this functionality works today (and works rather well for me as one part of a multi-layer filtering system), I would suggest that if you believe it is dangerous then you work to improve the functionality or the documentation--rather than removing the functionality. Or do you not consider the above to be a reasonable use of reverse DNS lookup? --Rip There are some things that man was not meant to know...for everything else, there's DNS. (okay, I'm joking.) #---------------------------------------------------------------------- # To unsubscribe, send a message to <[EMAIL PROTECTED]>.
