At 12:04 PM -0500 3/11/02, Stefan Jeglinski imposed structure on a 
stream of electrons, yielding:
>Here is a header for some spam I got:
>
>>Return-Path: [EMAIL PROTECTED]
>>Received: from karabalta.kg ([195.38.186.2] verified) by mx.4pi.com
>>(Stalker SMTP Server 1.8b9d3) with ESMTP id
>
>
>But, an A-record lookup on karabalta.kg yields 192.168.0.1. IOW, 
>they are either deliberately obfuscating this, or are simply stupid 
>with their DNS.
>
>Enough looking around shows that 195.38.186.2 is ns.karabalta.kg. 
>How does SIMS do this again? I thought it did a reverse lookup on 
>the IP, then if it gets a PTR record, it checks the PTR result to 
>see if there is a matching A record. Only then does it mark it as 
>verified. But in this case, there is no PTR record for 195.38.186.2, 
>AFAICT.

SIMS verifies what it can: that the claimed name resolves to the 
connecting IP address. Doing more (i.e. a reverse lookup) is pointless 
really, since you already know that an SMTP sender using that IP 
claims the name, so checking for agreement from whoever does DNS for 
the reverse zone is a pretty small return at best.
-- 
Bill Cole                                  
[EMAIL PROTECTED]
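
Added example, not part of the original message and not SIMS code: a Python sketch contrasting the check described in the reply (the claimed name has an A record equal to the connecting IP) with the PTR-then-A check the question assumed. The record tables are constructed so it runs offline and are not DNS captures; the function names are hypothetical.

```python
# Constructed DNS data for illustration only; no network lookups are made.
A_RECORDS = {  # name -> set of addresses
    # Constructed so that both observations in the thread hold.
    "karabalta.kg": {"192.168.0.1", "195.38.186.2"},
    "mail.example.net": {"192.0.2.10"},
    "spoofed.example.org": {"198.51.100.7"},
}
PTR_RECORDS = {  # address -> name; 195.38.186.2 has no PTR, as in the thread
    "192.0.2.10": "mail.example.net",
    "203.0.113.5": "spoofed.example.org",
}


def _norm(name):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return name.lower().rstrip(".")


def forward_verified(claimed_name, peer_ip, a_records=A_RECORDS):
    """Reply's check: the claimed name resolves to the connecting IP."""
    return peer_ip in a_records.get(_norm(claimed_name), set())


def fcrdns_verified(peer_ip, a_records=A_RECORDS, ptr_records=PTR_RECORDS):
    """Question's check: PTR for the IP, then that name must map back to it."""
    ptr_name = ptr_records.get(peer_ip)
    if ptr_name is None:
        return False  # no reverse record, nothing to confirm
    return peer_ip in a_records.get(_norm(ptr_name), set())


def classify(claimed_name, peer_ip):
    """Return (forward_verified, fcrdns_verified) for one SMTP connection."""
    return (forward_verified(claimed_name, peer_ip), fcrdns_verified(peer_ip))


if __name__ == "__main__":
    for name, ip in [
        ("karabalta.kg", "195.38.186.2"),        # thread's case: A matches, no PTR
        ("mail.example.net", "192.0.2.10"),      # both directions agree
        ("spoofed.example.org", "203.0.113.5"),  # PTR claims a name whose A differs
    ]:
        print(name, ip, classify(name, ip))
```

The third case shows why a PTR on its own proves nothing: whoever runs the reverse zone can point it at any name, so only the forward A record ties the name's owner to the address.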

