Re: [DNSOP] WGLC: "Considerations for the use of DNS Reverse Mapping"

Robert Story <rstory@sparta.com> Sat, 29 March 2008 22:24 UTC

Return-Path: <dnsop-bounces@ietf.org>
X-Original-To: ietfarch-dnsop-archive@core3.amsl.com
Delivered-To: ietfarch-dnsop-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CD56328C198; Sat, 29 Mar 2008 15:24:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.407
X-Spam-Level:
X-Spam-Status: No, score=-100.407 tagged_above=-999 required=5 tests=[AWL=-0.270, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, MIME_8BIT_HEADER=0.3, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M1Vi9hw8BOZu; Sat, 29 Mar 2008 15:24:12 -0700 (PDT)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 695433A693A; Sat, 29 Mar 2008 15:24:12 -0700 (PDT)
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B9A583A6880 for <dnsop@core3.amsl.com>; Sat, 29 Mar 2008 15:24:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4aI+nXtNQoSe for <dnsop@core3.amsl.com>; Sat, 29 Mar 2008 15:24:11 -0700 (PDT)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by core3.amsl.com (Postfix) with ESMTP id DC3FC3A6825 for <dnsop@ietf.org>; Sat, 29 Mar 2008 15:24:10 -0700 (PDT)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id m2TMO3XV003613; Sat, 29 Mar 2008 17:24:03 -0500
Received: from garak.ads.sparta.com (garak.sparta.com [157.185.63.81]) by Beta5.sparta.com (8.12.11/8.13.1) with ESMTP id m2TMO3Vd021015; Sat, 29 Mar 2008 17:24:03 -0500
Received: from mailbin2.ads.sparta.com ([157.185.85.6]) by garak.ads.sparta.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 29 Mar 2008 17:24:03 -0500
Received: from spx.vb.futz.org ([216.27.162.138]) by mailbin2.ads.sparta.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Sat, 29 Mar 2008 18:30:26 -0400
Date: Sat, 29 Mar 2008 18:23:53 -0400
From: Robert Story <rstory@sparta.com>
To: JINMEI Tatuya / 神明達哉 <jinmei@wide.ad.jp>
Message-ID: <20080329182353.5d30ef3f@spx.vb.futz.org>
In-Reply-To: <m2hceqlbzy.wl%Jinmei_Tatuya@isc.org>
References: <20080314034500.GE7553@x27.adm.denic.de> <m2hceqlbzy.wl%Jinmei_Tatuya@isc.org>
Organization: SPARTA
X-Mailer: Claws Mail 3.3.1 (GTK+ 2.12.5; powerpc-redhat-linux-gnu)
Mime-Version: 1.0
X-OriginalArrivalTime: 29 Mar 2008 22:30:26.0406 (UTC) FILETIME=[7C512060:01C891EC]
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (M4.sparta.com [157.185.61.2]); Sat, 29 Mar 2008 17:24:04 -0500 (CDT)
Cc: Peter Koch <pk@DENIC.DE>, IETF DNSOP WG <dnsop@ietf.org>
Subject: Re: [DNSOP] WGLC: "Considerations for the use of DNS Reverse Mapping"
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0413766752=="
Sender: dnsop-bounces@ietf.org
Errors-To: dnsop-bounces@ietf.org

On Fri, 28 Mar 2008 15:28:17 -0700 JINMEI wrote:
JT/> At Fri, 14 Mar 2008 04:45:00 +0100,
JT/> Section 3.2
JT/> 
JT/>    Reports from operators suggest that scoring mail on the basis of
JT/>    missing or non-matching reverse mapping remains an imperfect but
JT/>    useful measure of the likelihood that a given message is spam,
JT/>    particularly in combination with other measures.  It is clear that
JT/>    the presence of reverse mapping, and a match between the forward and
JT/>    reverse zones, is neither a necessary nor sufficient condition for a
JT/>    candidate message to be spam.
JT/> 
JT/> I'm not very much comfortable with a statement based on "some people
JT/> say something" because it's difficult to assess its validity.  In 
JT/> fact, I cannot really be sure that reverse mapping-based approach is
JT/> that effective, considering the fact that most of today's spams are
JT/> sent from botnets and the reverse mappings are often provided (when
JT/> provided) by the ISP, rather than the end users who host the bots.

But that's exactly _why_ it's effective... the bots cannot change the ISP's
reverse mapping, so a system admin can decide to mark mail coming from
dynamic27381.big-isp.example.com as very likely being spam.

-- 
Robert Story
SPARTA
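
The three signals discussed in this thread (missing reverse mapping, a reverse name whose forward lookup does not point back, and an ISP-assigned pool name such as dynamic27381.big-isp.example.com) can be combined into one score, as in this added example, which is not part of the original message or the draft. The PTR and forward tables are constructed sample data standing in for live DNS, and the weights and name patterns are assumptions to be tuned per site.

```python
import ipaddress
import re

# Constructed sample data standing in for live DNS (documentation ranges/names).
PTR = {
    "192.0.2.10": ["mail.example.org."],
    "198.51.100.77": ["dynamic27381.big-isp.example.com."],
    "203.0.113.5": ["mx.example.net."],
    # 203.0.113.99 deliberately has no PTR record
}
FORWARD = {
    "mail.example.org.": ["192.0.2.10"],
    "dynamic27381.big-isp.example.com.": ["198.51.100.77"],
    "mx.example.net.": ["203.0.113.200"],  # forward does not point back
}

# Hypothetical heuristics for ISP-assigned pool names; tune per site.
GENERIC = re.compile(r"^(dyn(amic)?|dhcp|pool|ppp|dsl|cable|cust(omer)?)[-.]?\d+", re.I)
IP_IN_LABEL = re.compile(r"\d{1,3}[-.]\d{1,3}[-.]\d{1,3}[-.]\d{1,3}")

# Assumed weights: one input among several to a mail filter, not a verdict.
WEIGHTS = {"no_ptr": 1.0, "fwd_mismatch": 1.5, "generic_ptr": 2.0}


def score_rdns(ip, ptr=PTR, forward=FORWARD):
    """Return (score, reasons) for a connecting client IP."""
    addr = ipaddress.ip_address(ip)
    names = ptr.get(str(addr), [])
    if not names:
        return WEIGHTS["no_ptr"], ["no_ptr"]
    reasons = []
    # Forward-confirmed reverse DNS: some PTR name must resolve back to the IP.
    confirmed = any(
        addr == ipaddress.ip_address(a)
        for n in names for a in forward.get(n, [])
    )
    if not confirmed:
        reasons.append("fwd_mismatch")
    # Pool naming is set by the ISP; the host behind the address cannot change it.
    if any(GENERIC.search(n) or IP_IN_LABEL.search(n) for n in names):
        reasons.append("generic_ptr")
    return sum(WEIGHTS[r] for r in reasons), reasons
```

Note that the pool-name host scores even though its forward and reverse records match, which is the case the reply describes.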