[Dshield] Need some help testing

Tomas L. Byrnes tomb at byrneit.net
Sun Jul 8 17:32:33 GMT 2007 

I am well aware that there are many sites filtering addresses that they
see as "dynamic" using some measure thereof. I am also, painfully, aware
of how often that designation is woefully inaccurate, and the difficulty
with getting it changed.

I have had IPs I am responsible for, which were properly reversed as
static (using one of the methods you decided was "dynamic") by my ISP,
listed as dynamic. In one case, since the ISP controlled the PTR
records, and wouldn't/couldn't change them, since they used those for
troubleshooting and network monitoring purposes, my only option was to
change ISPs. My current ISP, COX business services, will set the PTR to
whatever I say it should be, which I always make the FQDN of the mail
server if there are multiple hosts nated to it.

This wasn't a case of "scorched earth", the IP had never spammed, and
there was a valid PTR, it just happened to be a PTR that nit-picking
pedants decided wasn't good enough.

SPAM is a scourge, but some of the cures being put forth are worse than
the disease.



> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Mar 
> Matthias Darin
> Sent: Saturday, July 07, 2007 9:33 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Need some help testing
> 
> Hello, 
> 
> Tomas L. Byrnes writes: 
> 
> > The problem here is that you are referring to an IETF draft, which 
> > means it is not even close to widely followed.
> > 
> > The APL RR type was a draft for 3 years, but never made it into the 
> > spec. That would have been much more useful for filtering.
> 
> Here are a few links to others doing research in dynamic IP 
> address filtering (from a simple search on Google): 
> 
> http://oregonstate.edu/net/spam/ 
> 
> http://www.windowssecrets.com/comp/060126/ 
> 
> http://www.spambouncer.org/aboutspam/filtering.shtml 
> 
> 
> AOL's email banner: 
> 
> 220-rly-mb01.mail.aol.com ESMTP mail_relay_in-mb1.9; Sun, 08 Jul 2007
> 00:25:19 -0400
> 220-America Online (AOL) and its affiliated companies do not
> 220-     authorize the use of its proprietary computers and computer
> 220-     networks to accept, transmit, or distribute unsolicited bulk
> 220-     e-mail sent from the internet.  Effective immediately:  AOL
> 220-     may no longer accept connections from IP addresses which
> 220      have no reverse-DNS (PTR record) assigned. 
> 
> 
> Non-reversable IP addresses are often considered dynamic.
> _________________________________________
> SANSFIRE 2007 July 25-August 2 in Washington, DC.  56 
> courses, SANS top
> instructors, and a great tools and solutions expo. Register today!
> http://www.sans.org/info/4651 (brochure code ISC)
>

More information about the list mailing list