[CLUE-Tech] reverse DNS
Charles Oriez
coriez at oriez.org
Mon Sep 13 11:19:19 MDT 2004
At 10:54 AM 9/13/2004, Angelo Bertolli wrote:
>>I would say that it is trumped by the later RFC 2821
>>
>>http://www.faqs.org/rfcs/rfc2821.html
>>
>>"It is a well-established principle that an SMTP server may refuse to
>>accept mail for any operational or technical reason that makes sense to
>>the site providing the server."
>>
>>Rejecting for invalid rdns rather than waiting for the dnsbl to tell the
>>receiver to reject it saves on cpu cycles on the receiving server. That
>>is the same reason that I put the most prolific spammers in my access.db
>>with a reject instruction - no bandwidth wasted waiting for a remote db
>>to tell me what I already know.
>Also, what do you think about just accepting all mail, and then maybe not
>delivering it if you don't like it? (What is the term for this?)
>This would have the effect of not only reducing the payoff of spammers
>(like with blocking), but also leaving them in the dark about which
>servers are delivering their mail, which ones aren't, etc. But I guess
>there are legitimate reasons for mail to get bounced back... so that may
>not be a good thing. I know one thing I have found annoying is when
>people respond with a 400 error to something that should be a 500 error,
>because they want to delay spammers as much as possible.

There is always the chance of a false positive. While I am an advocate of
not sending back warnings when viral loads are delivered, I do think that
it is important to bounce undelivered messages for several reasons.

1) The occasional false positive needs to be dealt with.
2) If a sender knows that their mail is being rejected because their ISP
harbors spammers, they can choose to put pressure on the ISP or vote with
their wallet by changing ISPs. If they make the choice to help finance the
spammers by sticking with the ISP without complaint, then they can't
complain that they didn't know that they were the subject of a boycott.

>Also, what do you think about tar pits? They seem kind of aggressive, but
>are they really changing anything?

Those who implement them swear by them. I haven't bothered to spend the
bandwidth to implement one. I think I'd want it on a separate IPA and
separate box to avoid impact on my production systems.

--
Charles Oriez coriez at oriez.org 39 34' 34.4"N / 105 00' 06.3"W
"Drag God into politics, and you'll ruin his reputation in no time." --
Molly Ivins
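
Added example (not part of the original message or the list archive): a sketch of the check order discussed in this thread, with the local access table first, then reverse DNS, then the DNSBL, returning a permanent 5xx for policy rejections and a 4xx only when a lookup itself fails. The tables, the Resolver stand-in and the reading of "invalid rdns" as missing or not forward-confirmed are assumptions.

```python
# Added example: SMTP connect-time policy in the order discussed in the thread.
# Every name and record below is constructed for illustration.
ACCESS_DB = {"192.0.2.10": "REJECT"}            # local table, like access.db
PTR = {"198.51.100.7": ["mail.example.org"],    # reverse records
       "203.0.113.9": ["host.example.net"],
       "192.0.2.77": ["mx.example.com"]}
A = {"mail.example.org": ["198.51.100.7"],      # forward records
     "host.example.net": ["203.0.113.200"],     # does not point back
     "mx.example.com": ["192.0.2.77"]}
DNSBL = {"192.0.2.77": True}                    # remote blocklist


class Resolver:
    """Offline stand-in for DNS that records which lookups were made."""
    def __init__(self, down=False):
        self.down, self.log = down, []

    def _ask(self, kind, key, table, default):
        self.log.append(kind)
        if self.down:
            raise TimeoutError("resolver unavailable")
        return table.get(key, default)

    def ptr(self, ip):
        return self._ask("ptr", ip, PTR, [])

    def a(self, name):
        return self._ask("a", name, A, [])

    def dnsbl(self, ip):
        return self._ask("dnsbl", ip, DNSBL, False)


def connect_policy(ip, dns):
    """Return (smtp_code, reason) for a connecting client IP."""
    if ACCESS_DB.get(ip) == "REJECT":           # 1. local: no lookup at all
        return 550, "listed in local access table"
    try:
        names = dns.ptr(ip)                     # 2. reverse DNS
        if not names:
            return 550, "no reverse DNS"
        if not any(ip in dns.a(name) for name in names):
            return 550, "reverse DNS not forward-confirmed"
        if dns.dnsbl(ip):                       # 3. remote list, asked last
            return 550, "listed in DNSBL"
    except TimeoutError:                        # lookup failed: not a verdict
        return 451, "temporary DNS failure, try again later"
    return 250, "ok"
```

The Resolver log shows which lookups each decision cost: a locally listed address costs none, and an address failing the reverse DNS check never reaches the DNSBL.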