North American Network Operators Group

RE: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet)

>> Basically a call to operators to adopt a consistent forward and
>> reverse DNS naming pattern for their mailservers, static IP netblocks,
>> dynamic IP netblocks etc.
>
> ...and to ISPs to facilitate the process by supporting their users who
> want to run mail servers, and helping the rest of us use such techniques
> to quarantine the spew from zombies and less conscientious mail admins.
>
> I'm always willing to be educated on why it is impossible for any given
> ISP to maintain an in-addr.arpa zone with PTRs for their customers who
> wish to be treated like real admins, as opposed to casual consumer-grade
> users with dynamically assigned addresses.

The problem is it is easier to set it up with a single standard 4-3-2-1.dialup.xyzisp.com than to change the IN-ADDR to mail.customer2.com. I only have an rDNS entry on the box at home because I used to work for the ISP. It's still there only because they probably haven't noticed, and will not until I draw attention to it or I give up the space if I cancel service.

Still, it took me 3 minutes to put rDNS on most of 7 of 16 in my /28. It existed in their provisioning system to do it, but no one knew how. We couldn't even market it as a service, because it "didn't exist" in the system. I can't imagine, though, SBC being able to cope with tens of thousands of small business DSL accounts suddenly needing rDNS on their static IPs.

Another question, though, is how they handle IN-ADDR and swip for dedicated circuits. If they can do it for a T1 customer, can they do it for a DSL customer? Maybe an online form the customer can maintain? Lord knows that would be better than trying to call their DSL tech support . . .

Joe Johnson
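An added example, not part of the original post: a sketch of how a receiving mail admin could apply the naming distinction discussed in this thread, separating address-derived PTR names such as 4-3-2-1.dialup.xyzisp.com from customer-chosen names such as mail.customer2.com, after first confirming that the PTR name resolves forward to the same address. The function names, verdict labels, sample addresses and forward map are assumptions constructed for illustration.

```python
import ipaddress
import re


def embeds_address(ip, ptr):
    """True if the PTR name carries the IPv4 octets, forward or reversed."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    # Digit runs in the name, normalised so "010" compares equal to "10".
    nums = [str(int(n)) for n in re.findall(r"\d+", ptr)]
    for want in (octets, octets[::-1]):
        if any(nums[i:i + 4] == want for i in range(len(nums) - 3)):
            return True
    return False


def classify(ip, ptr, forward):
    """Return 'no-ptr', 'unconfirmed', 'generic' or 'custom' for one sender.

    forward maps a hostname to the set of addresses its A records return
    (passed in by the caller so the check runs offline).
    """
    if not ptr:
        return "no-ptr"
    name = ptr.rstrip(".").lower()
    # Forward-confirmed reverse DNS: the name must resolve back to the address.
    if ip not in forward.get(name, set()):
        return "unconfirmed"
    return "generic" if embeds_address(ip, name) else "custom"


# Constructed sample data; addresses come from the documentation ranges.
FORWARD = {
    "mail.customer2.com": {"192.0.2.25"},
    "7-100-51-198.dialup.xyzisp.com": {"198.51.100.7"},
    "mail.customer3.example": {"203.0.113.5"},  # does not match its PTR's address
}
SAMPLES = [
    ("192.0.2.25", "mail.customer2.com."),
    ("198.51.100.7", "7-100-51-198.dialup.xyzisp.com"),
    ("198.51.100.8", "mail.customer3.example"),
    ("203.0.113.9", None),
]


def report():
    return {ip: classify(ip, ptr, FORWARD) for ip, ptr in SAMPLES}


if __name__ == "__main__":
    for ip, verdict in report().items():
        print(f"{ip:15} {verdict}")
```

What to do with each verdict (accept, greylist, quarantine) is a local policy decision; names that encode the address in another form, such as hex or unseparated zero-padded digits, are not caught by this check.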