Jeff wrote on 12/09/2006 04:57:51 PM:

> So, when my server sends e-mail, it uses "saber.nabs.net" as its
> "EHLO", and the connection comes from 71.246.216.107. "host
> saber.nabs.net" returns 71.246.216.107, which is the same IP that the
> connection comes from. So far, so good.
>
> But, "host 71.246.216.107" returns:
> static-71-246-216-107.washdc.fios.verizon.net.
>
> This hits on just about every "is this a generic rDNS" regex. But, as
> you can see by the name, it's not likely to be a dialup/dynamic, etc.
>
> So, I vote for any change to the Botnet code that ends up with my type
> of situation (which is pretty much what Jan-Pieter was also describing)
> not getting rejected.
Since many home dialup/DSL/Cable users that want to connect to their AUP-violating servers at home use free dynamic DNS services, I have a proposal to help separate them from the legit servers like Jeff describes. The free dynamic DNS servers usually have very short TTL values, and presumably, a legitimate server like saber.nabs.net has a more reasonable (greater than 2 hour) value. By checking the TTL, you can help weed out the bogus servers without blocking small business mail servers on DSL/etc connections.

Another test might be to see who hosts their DNS, but that might be more problematic. If it is a known free, dynamic DNS server, regardless of TTL, would that be a spam indicator?

_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list
[email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
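The TTL heuristic proposed above, worked through as an added example (this is not code from the thread, the Botnet plugin or MIMEDefang). It applies the test to the A record of the HELO/EHLO name, since that is the record a dynamic-DNS user controls and the one that carries the short TTL; the PTR record is only used for the "generic rDNS" pattern match that Jeff's host trips. DNS answers are a constructed in-memory table rather than live lookups, the regex is a rough stand-in for the Botnet-style generic-rDNS patterns, and the 2-hour threshold is the value from the message above.

```python
import re
from typing import Dict, Optional, Tuple

# Threshold from the proposal: free dynamic-DNS names carry very short TTLs,
# while a statically configured host name usually has a TTL of hours or more.
MIN_STATIC_TTL = 2 * 3600

# Rough stand-in for "is this a generic rDNS" regexes: host names that embed
# the IP address or words like dyn/dial/dsl. Note that Jeff's
# static-71-246-216-107.washdc.fios.verizon.net matches because of the octets.
GENERIC_RDNS = re.compile(
    r"(dyn|dial|dsl|cable|pool|ppp|static-\d|"
    r"\d{1,3}[-.]\d{1,3}[-.]\d{1,3}[-.]\d{1,3})",
    re.IGNORECASE,
)

# Constructed stand-in for DNS: (qname, qtype) -> (rdata, ttl_seconds).
# Only saber.nabs.net / 71.246.216.107 come from the thread; the others are
# made-up examples using documentation address space.
FAKE_DNS: Dict[Tuple[str, str], Tuple[str, int]] = {
    ("saber.nabs.net", "A"): ("71.246.216.107", 86400),
    ("107.216.246.71.in-addr.arpa", "PTR"):
        ("static-71-246-216-107.washdc.fios.verizon.net", 86400),
    # home host on a free dynamic-DNS name: 60 s TTL, ISP-issued generic PTR
    ("bob.dyndns.example", "A"): ("203.0.113.45", 60),
    ("45.113.0.203.in-addr.arpa", "PTR"): ("203-0-113-45.dyn.example.net", 60),
    # ordinary mail host with non-generic rDNS
    ("mx.example.org", "A"): ("198.51.100.9", 3600),
    ("9.100.51.198.in-addr.arpa", "PTR"): ("mx.example.org", 3600),
}


def lookup(name: str, qtype: str) -> Optional[Tuple[str, int]]:
    """Return (rdata, ttl) from the constructed table, or None for NXDOMAIN."""
    return FAKE_DNS.get((name.lower().rstrip("."), qtype))


def reverse_name(ip: str) -> str:
    """Build the in-addr.arpa name for an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def assess_sender(ip: str, helo: str, min_ttl: int = MIN_STATIC_TTL) -> dict:
    """Combine forward-confirmed HELO, generic-rDNS match and TTL into a verdict."""
    result = {"ip": ip, "helo": helo}

    fwd = lookup(helo, "A")
    result["helo_matches_ip"] = fwd is not None and fwd[0] == ip
    result["helo_ttl"] = fwd[1] if fwd else None

    rev = lookup(reverse_name(ip), "PTR")
    result["rdns"] = rev[0] if rev else None
    result["rdns_generic"] = bool(rev and GENERIC_RDNS.search(rev[0]))

    if not result["helo_matches_ip"]:
        # The HELO name does not resolve to the connecting IP at all.
        result["verdict"] = "reject: HELO does not resolve to connecting IP"
    elif not result["rdns_generic"]:
        # Nothing in the PTR looks dynamic; no further test needed.
        result["verdict"] = "accept: rDNS not generic"
    elif result["helo_ttl"] >= min_ttl:
        # Generic-looking PTR, but the HELO name is a stable, long-TTL record.
        result["verdict"] = "accept: generic rDNS but HELO name has a long TTL"
    else:
        # Generic PTR plus a short-TTL HELO name: the dynamic-DNS pattern.
        result["verdict"] = "suspicious: generic rDNS and short-TTL HELO name"
    return result


if __name__ == "__main__":
    for ip, helo in [("71.246.216.107", "saber.nabs.net"),
                     ("203.0.113.45", "bob.dyndns.example"),
                     ("198.51.100.9", "mx.example.org"),
                     ("203.0.113.45", "mail.example.org")]:
        r = assess_sender(ip, helo)
        print(f"{helo:22} {ip:16} ttl={r['helo_ttl']!s:6} "
              f"generic={r['rdns_generic']!s:5} -> {r['verdict']}")
```

The ordering matters: the TTL test is only consulted after a host has both failed the generic-rDNS check and passed forward confirmation, so it widens acceptance for hosts like saber.nabs.net without changing what happens to hosts that already pass or that lack a matching HELO. In a real filter the TTL would be read from the A answer returned by the resolver; as the message notes, the heuristic depends on dynamic-DNS providers keeping TTLs short and on legitimate operators not doing the same.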

