It is not rocket science, just tedious. Start rejecting the "unknowns", that is, IPs without an RDNS. They are not bound to any specific domain, but their helos and envelope from never fail pretending to be from places they do not belong. They are usually rejected by SPF, but why waste CPU cycles?
Next are the low-hanging fruits of dynamic domains, those that have "dynamic" in their name, thank you. Next are those with "dhcp", "wifi", "mobile", and plenty more similar to the above. You just do not want to receive an e-mail from someone's exploited printer or a home router or anything that is just not meant as a post office you can respond to. Next in line are those with lots of numbers in their RDNS, usually the same numbers of their IP. We spent months herding those free-range animals... Catching them is tedious, because there is no standard that binds ISPs to just prefix all such domains with "dyn-".

Sent from ProtonMail Mobile

On Tue, May 29, 2018 at 15:03, Alex <mysqlstud...@gmail.com> wrote:

> Hi,
>
> On Tue, May 29, 2018 at 8:31 AM, Rupert Gallagher wrote:
>> We reject e-mails from both dynamic and unknown domains, and feed the
>> firewall with their CIDRs. The resulting blacklist includes 919 CIDRs, and
>> keeps growing by itself. It is all automatic. I think ISPs should do this
>> filtering, even if the EFF would scream like Donald Duck in favour of net
>> neutrality.
>
> How are you determining that an IP is dynamic? We're using a set of postfix
> regexes but it's very dated now. More details would be appreciated :-)
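The three checks described in the message above (no RDNS, keyword in the name, the IP's own numbers in the name), as an added example that is not part of the original post or the poster's setup. The function names, the three-of-four-octets threshold and the whole-token keyword match are assumptions; the addresses and hostnames are constructed.

```python
import ipaddress
import re

# Keywords named in the message; it says there are "plenty more".
KEYWORDS = {"dynamic", "dhcp", "wifi", "mobile"}
# Assumption: 3 of 4 octets present in the name counts as "the IP's numbers".
MIN_OCTETS = 3


def ip_embedded(ip, name):
    """True if an IPv4 address's octets show up in the PTR name."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        return False  # the numeric heuristic here covers IPv4 only
    octets = str(addr).split(".")
    # Separate numeric runs, e.g. 10.113.0.203.pool... or dyn-192-0-2-33...
    runs = [str(int(r)) for r in re.findall(r"\d+", name)]
    matched = 0
    for o in octets:
        if o in runs:
            runs.remove(o)
            matched += 1
    if matched >= MIN_OCTETS:
        return True
    # Zero-padded concatenation, forward or reversed: c192000002033...
    padded = [o.zfill(3) for o in octets]
    return "".join(padded) in name or "".join(reversed(padded)) in name


def classify(ip, ptr):
    """Return (verdict, reason) for a connecting IP and its PTR name (or None)."""
    if not ptr:
        return ("reject", "no-rdns")
    name = ptr.rstrip(".").lower()
    # Match whole alphabetic tokens so "automobile" does not hit "mobile".
    for token in re.findall(r"[a-z]+", name):
        if token in KEYWORDS:
            return ("reject", "keyword:" + token)
    if ip_embedded(ip, name):
        return ("reject", "ip-in-rdns")
    return ("accept", "no-match")


if __name__ == "__main__":
    # Constructed samples using documentation address ranges.
    for ip, ptr in [("192.0.2.33", None),
                    ("203.0.113.10", "10.113.0.203.pool.isp.example."),
                    ("192.0.2.25", "mx1.example.org")]:
        print(ip, ptr, classify(ip, ptr))
```
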