On Wed, 2006-05-10 at 10:50 -0600, Andrew Jorgensen wrote:
> Sometimes ISPs report to RBLs which blocks are used for their clients,
> sometimes the RBL maintainers just figure it out for themselves, or
> perhaps they ask the ISP.  Other times I'm sure they make a good guess
> and then get complaints from the ISP.  There's no official record of
> this stuff that I know of, but it works pretty well.  AOL should not
> be accepting mail from your server if your server might be your Mom's
> worm-infested PC.

One of the heuristics used for some lists is based on the DNS name,
things like *.dhcp.example.com, or dialup-*.example.com. If we could get
that standardized, it might actually not be so bad. A simple change in
DNS, which any clueful MTA admin should be capable of, would get you
right off the list and people who don't know they're running an MTA
would never know. And any ISP that won't let you run a mail server or
won't change your reverse DNS isn't worth its salt, IMHO.

> Of course some day worms will be smart enough to look up the MX for the
> domain of their host and ask it to relay for them.  That will be a fun
> day - every ISP in the world will have to implement authenticated SMTP
> in the same month.  There will probably be a public outcry. Fun, fun.

We're already to that point and I don't think SMTP AUTH makes a
difference. Many viruses simply send using the host's Outlook mail
settings. I would guess that the majority of users have the MUA save
their AUTH password, so the virus can simply inherit that too.

Corey


/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
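
The DNS-name heuristic described in the message above, as an added example (not part of the original thread and not any RBL's actual rule set): it applies the two name patterns mentioned there to the reverse-DNS names in Postfix-style `connect from` log lines. The log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample log lines (Postfix-style "connect from name[ip]").
SAMPLE_LOG = """\
May 10 10:50:01 mx postfix/smtpd[2101]: connect from host-12.dhcp.example.com[192.0.2.12]
May 10 10:50:03 mx postfix/smtpd[2102]: connect from dialup-42.example.com[192.0.2.42]
May 10 10:50:05 mx postfix/smtpd[2103]: connect from mail.example.com[192.0.2.25]
May 10 10:50:07 mx postfix/smtpd[2104]: connect from DHCP-gw.Example.com[192.0.2.77]
May 10 10:50:09 mx postfix/smtpd[2101]: disconnect from host-12.dhcp.example.com[192.0.2.12]
"""

# \b keeps "disconnect from" lines out of the match.
CONNECT_RE = re.compile(r"\bconnect from (\S+)\[([0-9A-Fa-f.:]+)\]")


def classify(ptr_name):
    """Return the rule a reverse-DNS name matches, or None.

    Rules are the two from the message: *.dhcp.example.com and
    dialup-*.example.com. Matching is done per DNS label, so a name that
    merely contains the letters "dhcp" inside another label is not flagged.
    """
    labels = ptr_name.strip().rstrip(".").lower().split(".")
    if labels[0].startswith("dialup-"):
        return "dialup-*"
    if "dhcp" in labels[1:]:
        return "*.dhcp.*"
    return None


def scan(log_text):
    """Return (ip, name, rule) for every connecting client whose name matches."""
    flagged = []
    for line in log_text.splitlines():
        match = CONNECT_RE.search(line)
        if not match:
            continue
        name, ip = match.groups()
        rule = classify(name)
        if rule:
            flagged.append((ip, name, rule))
    return flagged


if __name__ == "__main__":
    for ip, name, rule in scan(SAMPLE_LOG):
        print(f"{ip} {name} matches {rule}")
```

A host renamed to something like `mail.example.com` in reverse DNS no longer matches either rule, which is the "simple change in DNS" the message relies on.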
