Re: increase in spam and what to do about it



In article <ek9l9r$c7q$1@xxxxxxxxxxxxxxxxx>, david20@xxxxxxxxxxxxxxxx writes:
In article <1164427612.373176.124490@xxxxxxxxxxxxxxxxxxxxxxxxxxx>, davidc@xxxxxxxxxxxx writes:
Bill Gunshannon wrote:
Which is the same set of "potential customers" - I'm just testing the
RBL at a different place.

But, if you just change RBLs you open yourself up to all the places the
other RBL had that the new one doesn't and you're back where you started.

You still don't understand. An MTA typically checks for an MX record
to determine which host to send mail to. Rather than accept and drop
an SMTP connection based on the IP address being in a RBL, it would
save some traffic not to respond to the DNS lookup if the
requester's IP address is on an RBL. It's the same RBL, just testing
the IP address at a different point of the SMTP process.

The DNS lookup of MX (or A records) is not part of the mail transaction.
The DNS lookup is done to the senders local DNS servers which either have the
information already cached or have to ask other DNS servers for the
information.
That makes it pretty much impossible to provide incorrect information
e.g. a 127.0.0.1 response or no response at all just to systems on an RBL.
(Also the DNS lookup is used for other types of connectivity not just email.)

A better way of doing this was actually devised and used. The original MAPS RBL
(realtime blacklist) provided routing information and allowed sites which
made use of it to basically cut the sites on the list off the internet as far
as they were concerned.

Sorry that should be Realtime Blackhole list not realtime blacklist.

David Webb
Security team leader
CCSS
Middlesex University

Since Trend Micro took over MAPS I'm not sure whether the RBL BGP feed is still
available.
This was at one point quite widely used. One of the UK Education Network
(JANET) transatlantic links was provided by Teleglobe who implemented this
blocking. Hence any US sites which managed to get themselves on
the RBL list were totally cut off from UK universities - no mail, no web, no
contact whatsoever. As far as they were concerned UK universities were no longer
on the same internet.

The disadvantages of this approach (especially when it was controlled by
someone outside your own organisation i.e. Teleglobe) are pretty obvious.


David Webb
Security team leader
CCSS
Middlesex University
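The baseline the thread argues from is an MTA checking the connecting client's IP against an RBL at SMTP connection time. The following is an added example (not code from any poster) of that check: it builds the reversed-octet DNSBL query name, treats a 127.0.0.0/8 answer as "listed", and takes the resolver as a callback so it runs offline against a constructed listing table. The zone name rbl.example and the listed addresses are constructed for the example.

```python
"""RBL (DNSBL) check at SMTP connect time; added example, not from the thread."""
import ipaddress
import socket
from typing import Callable, Optional

# A resolver maps a query name to its A record, or None on NXDOMAIN.
Resolver = Callable[[str], Optional[str]]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Reverse the IPv4 octets and append the DNSBL zone: 1.2.3.4 -> 4.3.2.1.zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on non-IPv4 input
    return ".".join(reversed(addr.exploded.split("."))) + "." + zone.rstrip(".") + "."


def is_listed(ip: str, zone: str, resolve: Resolver) -> bool:
    """True when the DNSBL answers with an address inside 127.0.0.0/8."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return False  # NXDOMAIN (or unreachable zone): treat as not listed
    return ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8")


def system_resolver(name: str) -> Optional[str]:
    """Live lookup through the OS resolver; None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


# Constructed stand-in for a DNSBL zone so the example runs offline.
FAKE_ZONE = "rbl.example"
FAKE_LISTINGS = {
    "4.3.2.1.rbl.example.": "127.0.0.2",    # constructed listed client
    "2.0.0.127.rbl.example.": "127.0.0.2",  # conventional DNSBL test entry
}


def fake_resolver(name: str) -> Optional[str]:
    return FAKE_LISTINGS.get(name)


def smtp_connect_decision(peer_ip: str, zone: str = FAKE_ZONE,
                          resolve: Resolver = fake_resolver) -> str:
    """Greeting an MTA would send at connect time: reject if listed, else 220."""
    if is_listed(peer_ip, zone, resolve):
        return "554 5.7.1 Service unavailable; client host listed in " + zone
    return "220 ready"


if __name__ == "__main__":
    for client in ("1.2.3.4", "5.6.7.8"):
        print(client, smtp_connect_decision(client))
```

Passing system_resolver instead of fake_resolver queries a real zone; the thread's point is that this test is only possible here, after the TCP connection, because the earlier MX lookup arrives from the sender's recursive resolver rather than from the sending host.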



