[Dshield] Re: Risk Assessment

Alan Frayer afrayer at frayernet.com
Mon Oct 25 13:42:01 GMT 2004

On Sun, 2004-10-24 at 04:51, Mar Matthias Darin wrote:

> >>    4.  Mail is not accepted from any IP address that does NOT have a
> >>        reverse DNS lookup.
> > 
> > Try that on a large server and see how well it works.  You will find
> > that you get a lot of false positives.  Yes, there are lots of clueless
> > mail admins that run servers without rDNS, but that's life.

> My server handles a million people a day...  Its not Yahoo or MSN, 
> but none-the-less, it is quite significant for my equipment. 
> It may be life for them, but these policies stop 30,000 to 40,000 
> spams a day and at least a thousand virus...  my users call it 
> effeciency to login to their account and maybe have one spam/day.  
> Are your stats as effecient? 

Are you SURE your users call it efficient? Looks to me like you keep
your users like mushrooms.

If I were hosting users, I think I could effectively filter their
e-mails without being as dramatic.

> When YOU pat my bills then YOU can decide what is idiotic.  Until then, as 
> long as my users are happy...  thats the way it stays.  They like the 
> service, I like the profit tree..  Its works for all of us. 

How would they know? If you exclude those e-mails without rDNS, then
your users never receive the e-mails from those with less than perfect
system admins, and they may never know they don't get it... Or do you
simply say, "Ignorance is Bliss"?

I guess you don't host any e-commerce sites. If you did, you'd be
risking a fair amount of business from people who simply think the
business is uncaring, because the business never replies to e-mails.

Oh, and if you shut off the services used as health indicators (ping,
traceroute, etc), I guess you'd never know if it DOES work for all of

Lucky your competitors don't have your client list... Or tell me who
your clients are, I'll educate them, and THEY can tell you what's
idiotic, since THEY are paying your bills.

Alan Frayer, CNE, CNI, CIW CI, MCP, Net+ - afrayer at frayernet.com
Member: Independent Consultants Association (ICA)
Consultants - FREE Directory Listing - http://www.ica-assn.org

More information about the list mailing list