nslookup from WinNT machine

Chris Buxton cbuxton at menandmice.com
Wed May 30 01:34:57 UTC 2001


At 1:09 AM +0200 5/30/01, Brad Knowles wrote:
>At 5:55 PM -0400 5/29/01, Kevin Darcy wrote:
>
>  >  As for the general practice of mailers refusing mail from IP addresses
>  >  that don't reverse-resolve, I consider that one of the crudest and most
>  >  false-rejection-prone anti-spam mechanisms ever dreamed up.
>
>	Contrariwise, being the original Senior Internet Mail Systems
>Administrator for AOL, and one of the originators of many of the
>early anti-spam techniques, I consider it to be one of the most
>effective (and simple) measures available.
>
>	There is no way I would even consider setting up a mail server
>without turning on this feature -- certainly, I wouldn't do so except
>under extreme pressure, and even then I would only do so under
>violent protest.

Please provide some sort of justification for your statement. You 
have stated that you hold a strong opinion, but you have not said why.

Suppose someone wishes to spam your users. They get a dial-up 
account, connect, figure out what their PTR record shows (as 
configured by their ISP), and use that in their SMTP greeting. How 
does your reverse lookup strategy stop them?

I believe that in the case of AOL, you have your own in-house DUL. 
[Please correct me if I'm wrong - several of my customers would like 
to know if there is some other reason their mail to AOL accounts is 
sent to the bit-bucket without so much as a bounce message.] But that 
just tells me that the PTR lookup isn't helping you.

Now suppose someone sets up a mail server and tries to send 
legitimate (non-spam) mail to one of your users. But suppose their 
NSP can't find their rear-end with both hands, and doesn't even have 
the reverse zone delegated to themselves, let alone delegating a 
classless subnet reverse zone to their customer. There is no PTR 
record for the address, so your server rejects their mail. How is 
this beneficial to you, your users, or the net community at large?
____________________________________________________________________

Chris Buxton <cbuxton at menandmice.com>

Men & Mice <http://www.menandmice.com/> provides:
  - DNS training, including Active Directory
  - QuickDNS, a DNS management system for servers on Linux & Mac OS
    (Solaris support coming soon!)
  - DNS Expert, a DNS analysis and troubleshooting utility
____________________________________________________________________
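
Added example, not part of the original message or of any mail server's code: a PTR-based acceptance check evaluated over constructed DNS data, covering the two cases raised above (a dial-up client whose greeting matches its ISP-assigned PTR, and a legitimate server whose address has no PTR) plus a working classless (RFC 2317) reverse delegation. The zone contents, host names, result strings and the function names `resolve` and `ptr_check` are assumptions made for the illustration.

```python
import ipaddress

# Constructed DNS data: documentation address ranges and invented host names.
ZONE = {
    # Dial-up address with an ISP-assigned PTR and matching A record.
    ("77.2.0.192.in-addr.arpa", "PTR"): ["dial77.isp.example"],
    ("dial77.isp.example", "A"): ["192.0.2.77"],
    # RFC 2317 classless delegation: the parent reverse zone holds a CNAME
    # pointing into the customer's /26 zone, where the PTR actually lives.
    ("130.100.51.198.in-addr.arpa", "CNAME"): ["130.128/26.100.51.198.in-addr.arpa"],
    ("130.128/26.100.51.198.in-addr.arpa", "PTR"): ["mail.customer.example"],
    ("mail.customer.example", "A"): ["198.51.100.130"],
    # 203.0.113.25: a mail server whose provider never set up the reverse
    # zone, so there are deliberately no records for it here.
}

def resolve(name, rtype, depth=0):
    """Look up rtype at name in ZONE, following CNAMEs for at most 8 hops."""
    name = name.rstrip(".").lower()
    if (name, rtype) in ZONE:
        return ZONE[(name, rtype)]
    target = ZONE.get((name, "CNAME"))
    if target and depth < 8:
        return resolve(target[0], rtype, depth + 1)
    return []

def ptr_check(client_ip, helo_name):
    """Classify an SMTP client the way a reverse-lookup filter would."""
    rev = ipaddress.ip_address(client_ip).reverse_pointer
    ptrs = resolve(rev, "PTR")
    if not ptrs:
        return "reject: no PTR"
    # Forward-confirm: the PTR target must resolve back to the client address.
    confirmed = [p for p in ptrs if client_ip in resolve(p, "A")]
    if not confirmed:
        return "reject: PTR not forward-confirmed"
    if helo_name.rstrip(".").lower() not in [p.lower() for p in confirmed]:
        return "accept: PTR ok, HELO differs"
    return "accept: PTR ok, HELO matches"

if __name__ == "__main__":
    for ip, helo in [("192.0.2.77", "dial77.isp.example"),
                     ("203.0.113.25", "mx.smallbiz.example"),
                     ("198.51.100.130", "mail.customer.example")]:
        print(ip, helo, "->", ptr_check(ip, helo))
```

The result depends only on what the address's provider published in DNS, not on the content or sender of the mail.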


More information about the bind-users mailing list