North American Network Operators Group


Re: ATTBI refuses to do reverse DNS?

  • From: Jared Mauch
  • Date: Wed Jun 19 09:21:59 2002

On Tue, Jun 18, 2002 at 06:20:44PM -0700, Patrick Thomas wrote:
> Once again, thanks for imposing your conveniences on me, and for
> ARBITRARILY _breaking the network_ when I choose not to participate.  It
> is arbitrary because you and I both know there is no technical reason to
> discriminate against non-named hosts.

	Actually there is.

	statistically speaking these hosts tend to be less well
maintained and more likely the source of spam, amongst other things.

	This is only used on smtp here.  It's not like i'm running
a dynamic bgp feed that injects a /32 null0 route for someone who
has no reverse dns.

	This method was not reached arbitrarily.  after many years
of "hey, this host is an open-relay", attempting to contact
the rfc2142 prescribed contacts as well as those
stored at arin/ripe/apnic to resolve the issue.  These people are
either real rogue hosts, or people that don't understand why they need
such fancy services as dns.  I seriously think this has to do with
clue dilution and the "diameter of the internet thread" as with the
treatment of the internet as a commodity as it has become, there are
less incentives to get it right rather than get the service on to bill
the customer.

	There are some days I wish it was (yes, there were others, but..)
back to the original few (ANS, uunet, SprintLink, internetMCI) as one
could expect a particular level of service and competence out of one's
provider.

	As for the original issue, i encourage ATTBI (as well as all
providers) to provide some sort of reverse dns for their netblocks
be it unknown.level3.net, or 1-2-3-4.rev.example.com.

	- Jared

> 
> --PT
> 
> On Tue, 18 Jun 2002, Jared Mauch wrote:
> 
> > 	And it will continue to work that way.
> >
> > 	That is the quality work of the people who spend many
> > man-hours putting together such a system that is robust enough
> > that when i decide that when you send me e-mail (not via a list)
> > from a host that has no reverse dns, i can easily flag that for
> > further scrutiny.
> >
> > 	What you are missing here is that, while yes, you can
> > send e-mail from [email protected][1.2.3.4] to people, they may say "hmm, e-mail
> > from an ip address is not typical of the people that i communicate
> > with", and therefore treat it differently.  just like policy-routing
> > but for your mailbox.
> >
> > 	it is a good reflection of provider clue(tm).  even if they
> > have rev-192.168.0.1.example.com. as their reverse dns, it's slightly
> > more responsible (imho) than nothing/nxdomain.
> >
> > 	- jared
> >
> > On Tue, Jun 18, 2002 at 05:48:29PM -0700, Patrick Thomas wrote:
> > >
> > > Hi - what if I don't _want_ a domain name ?  Last time I checked all of
> > > the standard Internet protocols worked just fine with just an IP - thank
> > > you for imposing your own sense of expediency and "convenience" on me and
> > > then arbitrarily breaking the network for me when I choose not to
> > > participate.
> > >
> > > --PT
> > >
> > > On Tue, 18 Jun 2002, Jared Mauch wrote:
> > >
> > > >
> > > > On Tue, Jun 18, 2002 at 04:54:54PM -0500, Stephen Sprunk wrote:
> > > > >
> > > > > Thus spake "Stephen Griffin" <[email protected]>
> > > > > > The lack of clue tends to be on the providing in-addr side of
> > > > > > things.  I think it is a great thing to refuse connections from
> > > > > > ips without in-addr, in the same way it is great to refuse mail
> > > > > > from domains that don't provide postmaster addresses.
> > > > >
> > > > > On first reading, I thought that was sarcasm.  Now I realize you're serious.
> > > >
> > > > 	I've found that filtering out mail from
> > > > people that have no reverse dns tends to typically point to
> > > > a) open-relays, b) spam, c) lack of working abuse/postmaster.
> > > >
> > > > > > It is a means through which one can influence the laziness of
> > > > > > others.  Simply disregarding what others do, only legitimizes
> > > > > > the laziness, and continues us along the road of everyone
> > > > > > doing the absolute minimum.
> > > > > > ...
> > > > > > You neglect to include the option of the customer changing
> > > > > > to an ISP that provides in-addr.
> > > > >
> > > > > So, if you ran Amazon.com, you wouldn't accept money from customers of clueless
> > > > > ISPs?
> > > >
> > > > 	You can't do it on the store side, but you can do it on the
> > > > residential customer side, or at least give those messages a higher
> > > > level of attention in any overall spam score for a message.
> > > >
> > > > > Sadly, even that level of coercion wouldn't be anywhere near enough to motivate
> > > > > most ISPs.  And your (non-)customers will be caught in the crossfire.
> > > >
> > > > 	Anyone that sends e-mail to me from a host/server with no reverse
> > > > dns I will not see.  It is not rejected w/ 400/500 series code
> > > > as I know some people do.  it goes to its own 'spam' folder.
> > > >
> > > > 	I have found that some companies (american express) for
> > > > example can not seem to make their systems have reverse dns, and
> > > > they suffer from the lack of a working postmaster/hostmaster
> > > > address too.
> > > >
> > > > 	It just means i read that folder once every few days and
> > > > periodically send e-mail to people i know that have hit the filter
> > > > or other legit folks.
> > > >
> > > > 	- jared
> > > >
> > > > --
> > > > Jared Mauch  | pgp key available via finger from [email protected]
> > > > clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
> > > >
> > >
> >
> > --
> > Jared Mauch  | pgp key available via finger from [email protected]
> > clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
> >

-- 
Jared Mauch  | pgp key available via finger from [email protected]
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
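
The filing policy described in this thread (a host with no reverse DNS gets its mail put in a separate folder or scored higher, never rejected with a 4xx/5xx code), as an added example that is not part of the original message or anyone's actual filter. The folder names, the score values and the `triage` function are assumptions, and the forward-confirmation step goes beyond what the thread describes.

```python
import ipaddress
import socket

def live_ptr(ip):
    """PTR lookup via the system resolver; None when there is no reverse DNS."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # herror/gaierror: NXDOMAIN, SERVFAIL, timeout
        return None

def live_forward(name):
    """A/AAAA lookup of the PTR target, as a set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def triage(client_ip, ptr=live_ptr, forward=live_forward):
    """Return (folder, score, reason) for the SMTP client address.
    Nothing is rejected at SMTP time; mail is only filed and scored.
    Folder names and scores are hypothetical values for illustration."""
    ip = str(ipaddress.ip_address(client_ip))  # validates and normalises
    name = ptr(ip)
    if not name:
        # No PTR at all (nothing/NXDOMAIN): set aside for periodic review.
        arpa = ipaddress.ip_address(ip).reverse_pointer
        return ("spam-review", 5, "no PTR at " + arpa)
    if ip not in forward(name.rstrip(".")):
        # A PTR exists but does not map back: deliver, raise the score a bit.
        return ("inbox", 2, "PTR %s does not resolve back to %s" % (name, ip))
    # Even a generic name such as 192-0-2-10.rev.example.com passes.
    return ("inbox", 0, "reverse DNS ok: " + name)

# Constructed sample data (documentation address space), so this runs offline.
SAMPLE_PTR = {"192.0.2.10": "192-0-2-10.rev.example.com",
              "192.0.2.30": "mail.example.net"}
SAMPLE_FWD = {"192-0-2-10.rev.example.com": {"192.0.2.10"},
              "mail.example.net": {"198.51.100.7"}}

def demo():
    """Triage three constructed client addresses against the sample zone data."""
    return [triage(ip, SAMPLE_PTR.get, lambda n: SAMPLE_FWD.get(n, set()))
            for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30")]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Called without the `ptr` and `forward` arguments, `triage` uses the system resolver, so a resolver timeout is treated the same as a missing PTR.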