Thomas Hochstein wrote:
> Marc Perkel wrote:
>
>> One thing that spammers can't spoof is RDNS.
>
> That is plain wrong. Most probably don't control the rDNS entries for
> their IP space, but it is far from impossible.
>
>> So if the RDNS of an IP is
>> xxx.xxx.amd.com then we know the email is ham.
>
> No. We do know that only if xxx.xxx.amd.com resolves to that IP, too.
> Anybody who has control over the rDNS entries for an IP can set up a
> PTR record of "xxx.xxx.amd.com" in the same way anybody who has
> control over the DNS entries for a domain can set up an A record
> pointing to any IP.

Wow, I'm usually not a big fan of Marc's anti-spam-scheme-of-the-week, but I think people should give him the benefit of the doubt on this point. Usually when people say "RDNS" in an Exim context, they mean "forward verified reverse dns", because that's what Exim does in its RDNS tests internally. And short of hacking the DNS system itself (which I know is doable, but it's certainly not trivial), fvrdns is in fact unspoofable.

Having said that, I do agree with the rest of the responders that the main idea here is unworkable. You want to whitelist only the "blessed" sending mailservers within a trusted organization, not their entire name space.

- Marc

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
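
The forward-verified reverse DNS check discussed in this thread, as an added example that is not part of the original messages and is not Exim's code: a PTR name counts only if its forward lookup returns the connecting IP again, and only explicitly listed hosts are trusted rather than a whole name space. The DNS tables, host names and the functions `verified_names` and `classify` are constructed for illustration; dictionary lookups stand in for real DNS queries.

```python
import ipaddress

# Constructed DNS data: documentation IP ranges and example.com names.
PTR = {
    "192.0.2.10": ["mx1.example.com."],
    "192.0.2.55": ["desktop-55.example.com."],
    # PTR chosen by whoever runs this address block; no matching A record.
    "198.51.100.7": ["mx1.example.com."],
}
FORWARD = {
    "mx1.example.com": ["192.0.2.10"],
    "desktop-55.example.com": ["192.0.2.55"],
}

def lookup_ptr(ip):
    return PTR.get(ip, [])

def lookup_addr(host):
    return FORWARD.get(host, [])

def verified_names(ip, ptr=lookup_ptr, addr=lookup_addr):
    """PTR names for ip whose forward lookup contains ip again."""
    want = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr(ip):
        host = name.rstrip(".").lower()
        if want in {ipaddress.ip_address(a) for a in addr(host)}:
            confirmed.append(host)
    return confirmed

def classify(ip, trusted_hosts, ptr=lookup_ptr, addr=lookup_addr):
    """'trusted': a verified name is an explicitly listed host.
    'verified': name round-trips but the host is not listed.
    'unverified': no PTR name resolves back to ip."""
    names = verified_names(ip, ptr, addr)
    if any(n in trusted_hosts for n in names):
        return "trusted"
    return "verified" if names else "unverified"

if __name__ == "__main__":
    trusted = {"mx1.example.com"}
    for ip in ("192.0.2.10", "198.51.100.7", "192.0.2.55", "203.0.113.9"):
        print(ip, classify(ip, trusted))
```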
