On Tue, 2006-11-28 at 13:48 -0700, Wade Preston Shearer wrote:
> [1] From http://en.wikipedia.org/wiki/Reverse_DNS_lookup:
> "Reverse DNS was designed to be primarily a tool for network
> troubleshooting. However, it is sometimes used as a poor defence
> against spam. When an Internet mail server receives incoming mail
> from an external machine, it may check that the reverse DNS record
> for the IP address of the originating server matches up with name by
> which the originating server identifies itself during the SMTP
> greeting. […] This is not a good defence against spam for several
> reasons.

Using it in that manner is not a good idea, and in fact is not how AOL does it (nor I). Simply having reverse DNS set up to resolve to *something* is all that's required. It works because there are quite a few IPs that don't resolve and the majority of them generate spam.

There is also a push to have ISPs generate reverse DNS for their dynamic pools in a machine readable fashion, i.e. x.dialup.example.com. Some providers do this and some don't. I used to oppose that but given the number of compromised machines on users' desktops, I think I've been convinced.

Corey
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
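
The policy described in the reply above, sketched as an added example (not code from the message, from AOL, or from any mail server): a client is rejected only when its IP has no PTR record at all, and a HELO/PTR mismatch is recorded but never used to reject. The function names, the verdict strings, the extra pool labels beyond `dialup`, and the idea of flagging dynamic-pool names rather than acting on them are assumptions; the sample addresses and names are constructed.

```python
import re
import socket

# Assumed naming hints for machine-readable dynamic pools. The message only
# gives "x.dialup.example.com"; the other labels are assumptions.
DYNAMIC_LABELS = re.compile(r"(^|[.-])(dialup|dynamic|dhcp|pool)([.-]|$)", re.I)


def system_ptr_lookup(ip):
    """Return the PTR name for ip, or None when the address does not resolve."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def classify_client(ip, helo_name, ptr_lookup=system_ptr_lookup):
    """Apply the 'resolves to something' policy to one SMTP client.

    Returns (verdict, ptr_name, helo_matches). helo_matches is informational
    only: a HELO/PTR mismatch never changes the verdict.
    """
    ptr = ptr_lookup(ip)
    if not ptr:
        return ("reject-no-ptr", None, False)
    ptr = ptr.rstrip(".").lower()
    helo_matches = helo_name.rstrip(".").lower() == ptr
    if DYNAMIC_LABELS.search(ptr):
        return ("flag-dynamic-pool", ptr, helo_matches)
    return ("accept", ptr, helo_matches)


# Constructed sample data (documentation address ranges, example.* names).
SAMPLE_PTR = {
    "192.0.2.10": "mail.example.org.",
    "198.51.100.77": "77.dialup.example.com.",
}
SAMPLE_CLIENTS = [
    ("192.0.2.10", "mx1.example.net"),    # PTR exists, HELO differs
    ("198.51.100.77", "localhost"),       # PTR marks a dial-up pool
    ("203.0.113.5", "mail.example.org"),  # no PTR record at all
]

if __name__ == "__main__":
    for ip, helo in SAMPLE_CLIENTS:
        print(ip, helo, classify_client(ip, helo, SAMPLE_PTR.get))
```

Passing `SAMPLE_PTR.get` as `ptr_lookup` keeps the run offline; leaving the argument out uses the system resolver.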
