Wouldn't SPF ( RFC 4408) tell people more about where the real mailservers are than some half-baked idea of trying to enforce what hostnames should look like?
What's the word for 'mail server' in Lower Sorbian, and does your algorithm properly detect it in a hostname? See the problem here? On Wed, Dec 16, 2009 at 6:49 AM, Adam Armstrong <li...@memetic.org> wrote: > On 16/12/2009 06:12, James Hess wrote: > >> On Tue, Dec 15, 2009 at 11:30 PM, Adam Armstrong<li...@memetic.org> >> wrote: >> >> >>> personally, i'd recommend not being a dick and setting valid *meaningful* >>> reverse dns for things relaying mail. >>> >>> >> Many sites don't use names that will necessarily be meaningful to an >> outsider. >> Sometimes the non-meaningful name is the actual hostname and the >> _only_ name that machine is known by, even if the name appears >> "generic" or contains an IP. Host naming is a matter of local >> network policy, and the RFCs that pertain to hostnames specify syntax >> requirements only. >> >> Some sites might want to avoid certain "meaningful" RDNS entries >> since spammers, hackers, and other abusive users that scan IP ranges >> can utilize the RDNS to facilitate their activities. All >> reverse DNS information is in the hands of the enemy. >> >> For example, when spammers' IP scanning efforts find that an IP >> address reverses to "mail.example.com" the spammer will know >> to try @example.com e-mail addresses for their dictionary-based >> brute-force spamming. >> >> On the other hand, if the MTA's IP reverses to something like >> a152.x.example.net. >> >> As is common for many domains. >> Spammers coming in by scanning large ranges of IPs, have no >> pointer to report the mailserver they discovered is @example.com >> inbound (or outbound) mail. >> >> > > The 1970s called and asked for its security policy back :( > > I would have thought that asking for the MXes for example.com would have > told them what the inbound mailserver is... > > adam. > > > >
