On Sun, 24 Jun 2007, Marc Perkel wrote: > One thing that spammers can't spoof is RDNS. So if the RNDS of an > IP is xxx.xxx.amd.com then we know the email is ham.
...unless, for instance, an AMD corporate box gets pwned. > A query comes in to a specially written DNS server where the RNDS > is looked up and it's xxx.ibm.com and ibm.com is in the list of > blessed ham hosts. We would need a fast way of getting rid of the > subhost part to do the lookup, stripping the xxx part off to get > the domain, . We would then return a yes response and cache the > data in a local database. The owner of a netblock can put whatever they like in as the rDNS hostname. They don't necessarily need to also own the domain they claim it belongs to. This means a spammer who owned a netblock could spoof whatever rDNS they pleased; fortunately this is unlikely and would be really easy to trap using a traditional DNSBL. On the flip side, DNS poisoning does exist, so a resourceful spammer may be able to poison rDNS to a degree. > Of course this wouldn't solve domains like yahoo, hotmail, > comcast, and other mixed source spam but it would allow a lot of > email to be preclassified as ham without further testing. > > Who likes this idea? Basically you're suggesting a DNSWL. Sounds like it has some merit. Nothing, however, is a panacaea. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- ...to announce there must be no criticism of the President or to stand by the President right or wrong is not only unpatriotic and servile, but is morally treasonous to the American public. -- Theodore Roosevelt, 1918 ----------------------------------------------------------------------- 10 days until The 231st anniversary of the Declaration of Independence
