On Tue, Jul 22, 2008 at 12:00 PM, Bob McClure Jr <[EMAIL PROTECTED]> wrote:
> If I may extend this OT thread, I'd like to know how draconian admins
> get with their mail servers. Without considering RBLs, how much do
> you limit client connections:
>
> Allow only those with (PTR and/or A) DNS records?

It's becoming common to reject clients with no PTR, but there are still many legit hosts using an ISP that doesn't offer PTR. So this is not universally acceptable and prone to false positives. This also isn't terribly effective since many botted machines have proper DNS entries.

It would be nice if all ISPs firewalled port 25 and offered a self-service interface so the customer could unblock it if they run a server. 99% of customers would never notice that port 25 was blocked.

> Allow only those with MX records?

You mean only accept mail if the sender domain lists the client as an MX? That doesn't work - too many organizations use split systems where sending and receiving hosts are on different IPs or even different netblocks. SPF is a start at giving the sender control over what IPs are allowed to send mail, but it's not without problems.

>
> I figure only the latter will be the Final Solution to spam. But
> there are probably only two chances of that - slim and none.

There isn't a Final Solution without replacing SMTP with something else, and there is no agreement on what the "something else" should look like. Likely it too would be exploited, but in new and interesting ways...

--
Noel Jones
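
The contrast drawn in the reply above, between accepting mail only from a sender domain's MX hosts and letting the domain publish its sending IPs through SPF, as an added example that is not part of the original message. The DNS data, host names and function names are constructed for illustration, and the SPF evaluator handles only the `ip4`, `mx` and `all` mechanisms.

```python
import ipaddress

# Constructed DNS data using documentation address ranges, not real records.
# example.org is a "split system": inbound MX and outbound relays sit on
# different netblocks.
DNS = {
    "example.org": {
        "MX": ["mx1.example.org"],
        "TXT": "v=spf1 mx ip4:192.0.2.0/28 -all",
    },
    "mx1.example.org": {"A": ["198.51.100.10"]},
    "nospf.example.net": {"MX": ["mail.nospf.example.net"]},
    "mail.nospf.example.net": {"A": ["203.0.113.5"]},
}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def mx_addresses(domain):
    """Addresses of every host listed as an MX for the domain."""
    hosts = DNS.get(domain, {}).get("MX", [])
    return {ip for host in hosts for ip in DNS.get(host, {}).get("A", [])}

def client_is_mx(domain, client_ip):
    """The MX-only acceptance rule asked about in the thread."""
    return client_ip in mx_addresses(domain)

def spf_check(domain, client_ip):
    """Simplified SPF: ip4, mx and all only (no include, redirect, macros)."""
    terms = DNS.get(domain, {}).get("TXT", "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term[1:] if term[0] in RESULTS else term
        if mech == "all":
            matched = True
        elif mech == "mx":
            matched = client_ip in mx_addresses(domain)
        elif mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        else:
            matched = False  # unsupported mechanism: treated as no match here
        if matched:
            return RESULTS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term
```

A result of `none` for a domain without an SPF record shows one of the gaps the reply alludes to: the receiver learns nothing about clients of domains that publish no policy.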