Home page logo

nanog logo nanog mailing list archives

Re: Identifying residential CPE IP addresses? (was: SORBS on autopilot?)
From: Steven Champeon <schampeo () hesketh com>
Date: Tue, 12 Jan 2010 15:59:01 -0500

on Tue, Jan 12, 2010 at 02:59:55PM -0500, Jed Smith wrote:
  4. For other reasons laid out in this thread, PTR is not the best choice.
     Additionally, administrators of mailservers who have no idea what a PTR
     is -- although their entry fee to the Internet mail system is debatable
     it will not be discussed here -- are now punished by blocklists like
     SORBS and Trend Micro with the simple crime of not knowing to PTR their
     mail server with something that screams "static allocation, not CPE".

Mild correction: it's FAR BETTER to use something that screams


rather than just using yet another generic static naming convention. :-)
Because using generic static naming is falling victim to the rather
baseless assumption that all statics should be allowed to send mail,
which is just ridiculous. We've got a /27 (we're a web app dev shop) and
only one of those IPs is a mail source, one is a NAT, one is a VPN box,
several others run Web servers and other services, and so could possibly
emit mail but likely only to us, and we can always whitelist if need be.
I assume that the case is similar in other organizations; their static
IPs far outnumber their canonical mail servers.

Of course, I asked for appropriate custom PTRs for all of them, but
still - the point stands, especially for those who think that generic
static PTRs are sufficient for a modern mail infrastructure. I don't
care who your ISP is, I care who you supposedly are, because if I see
that your mail server (or other hosts on your network) are infected,
compromised, or otherwise sources of abuse directed at my network, I
want to deal with /you/, not with your upstream's abuse desk triage.
     I note, with a heavy hand, that there are no widely-disseminated
     standards governing the reverse DNS of an Internet host other than this
     draft, but administrators make decisions on it anyway.

On that and on a wide variety of other criteria, yes.
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/
antispam news and intelligence to help you stop spam: http://enemieslist.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]