Re: [dns-operations] Trustworthiness of PTR record targets

Tue, 04 Mar 2014 15:34:25 -0800 

On 03/04/2014 11:58 AM, Paul Vixie wrote:



Doug Barton wrote:

... However, in general:

1. Anyone can put anything in a PTR record. There is no safe
assumption that the content is accurate.


s/anyone/the owner of the netblock/



Well, if you're really going to get that specific, it's "The operator of 
the name server(s) to which the specific reverse zone in question is 
delegated" which may or may not be the same thing. But seriously folks, 
I thought that went without saying. :)



2. In my experience (which is not thorough, but also not zero)
anti-spam folks are completely uninterested in what's in the PTR, and
generally do not do any blacklisting by domain name in the sense you
seem to mean.


this is just wrong. many of us use PTR patterns to decide whether to
ignore the PTR because it was machine-generated, and/or treat it as
"dynamic" or "dialup".



I've already addressed this in a previous response, but I think you're 
answering something that the OP didn't ask. (Or, I misunderstood the 
OP's question, which is entirely possible.)



I took the OP's question to be, "If example.com is listed in a PTR 
returned by a lookup for an address that sent spam, will organizations 
like SpamHaus use that as evidence to blacklist example.com?" If that is 
actually the question, I am pretty sure the answer is no, they won't.



several anti-spam initiatives use PTR content to
populate blackhole lists or other rejection filters. because of the
practice of rejecting some connections if there is no PTR, it is now
common practice to create low-information-content (low-value) PTR's
which are themselves a signal of likely wrongdoing.



Of course, but what you're referring to is the practice of checking 
whether the PTR matches the forward for a given address and using that 
as input into the reputation process (as Jothan referred to in an 
earlier message). Again, I don't _think_ that's what the OP is asking.



What I tried to suggest, ever so humbly, in my original response was 
that we're all just wasting our time here guessing (and/or ignoring) 
what the OP actually wanted to know. Maybe it would be worthwhile to put 
a hold on the thread until he responds?


Doug

_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs























					Reply via email to