Re: [DNSOP] WGLC: "Considerations for the use of DNS Reverse Mapping"
Robert Story <rstory@sparta.com> Sat, 29 March 2008 22:24 UTC
Return-Path: <dnsop-bounces@ietf.org>
X-Original-To: ietfarch-dnsop-archive@core3.amsl.com
Delivered-To: ietfarch-dnsop-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CD56328C198; Sat, 29 Mar 2008 15:24:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.407
X-Spam-Level:
X-Spam-Status: No, score=-100.407 tagged_above=-999 required=5 tests=[AWL=-0.270, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, MIME_8BIT_HEADER=0.3, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M1Vi9hw8BOZu; Sat, 29 Mar 2008 15:24:12 -0700 (PDT)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 695433A693A; Sat, 29 Mar 2008 15:24:12 -0700 (PDT)
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B9A583A6880 for <dnsop@core3.amsl.com>; Sat, 29 Mar 2008 15:24:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4aI+nXtNQoSe for <dnsop@core3.amsl.com>; Sat, 29 Mar 2008 15:24:11 -0700 (PDT)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by core3.amsl.com (Postfix) with ESMTP id DC3FC3A6825 for <dnsop@ietf.org>; Sat, 29 Mar 2008 15:24:10 -0700 (PDT)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id m2TMO3XV003613; Sat, 29 Mar 2008 17:24:03 -0500
Received: from garak.ads.sparta.com (garak.sparta.com [157.185.63.81]) by Beta5.sparta.com (8.12.11/8.13.1) with ESMTP id m2TMO3Vd021015; Sat, 29 Mar 2008 17:24:03 -0500
Received: from mailbin2.ads.sparta.com ([157.185.85.6]) by garak.ads.sparta.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 29 Mar 2008 17:24:03 -0500
Received: from spx.vb.futz.org ([216.27.162.138]) by mailbin2.ads.sparta.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Sat, 29 Mar 2008 18:30:26 -0400
Date: Sat, 29 Mar 2008 18:23:53 -0400
From: Robert Story <rstory@sparta.com>
To: JINMEI Tatuya / 神明達哉 <jinmei@wide.ad.jp>
Message-ID: <20080329182353.5d30ef3f@spx.vb.futz.org>
In-Reply-To: <m2hceqlbzy.wl%Jinmei_Tatuya@isc.org>
References: <20080314034500.GE7553@x27.adm.denic.de> <m2hceqlbzy.wl%Jinmei_Tatuya@isc.org>
Organization: SPARTA
X-Mailer: Claws Mail 3.3.1 (GTK+ 2.12.5; powerpc-redhat-linux-gnu)
Mime-Version: 1.0
X-OriginalArrivalTime: 29 Mar 2008 22:30:26.0406 (UTC) FILETIME=[7C512060:01C891EC]
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (M4.sparta.com [157.185.61.2]); Sat, 29 Mar 2008 17:24:04 -0500 (CDT)
Cc: Peter Koch <pk@DENIC.DE>, IETF DNSOP WG <dnsop@ietf.org>
Subject: Re: [DNSOP] WGLC: "Considerations for the use of DNS Reverse Mapping"
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0413766752=="
Sender: dnsop-bounces@ietf.org
Errors-To: dnsop-bounces@ietf.org
On Fri, 28 Mar 2008 15:28:17 -0700 JINMEI wrote: JT/> AFrom dnsop-bounces@ietf.org Sat Mar 29 15:24:13 2008 Return-Path: <dnsop-bounces@ietf.org> X-Original-To: ietfarch-dnsop-archive@core3.amsl.com Delivered-To: ietfarch-dnsop-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CD56328C198; Sat, 29 Mar 2008 15:24:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -100.407 X-Spam-Level: X-Spam-Status: No, score=-100.407 tagged_above=-999 required=5 tests=[AWL=-0.270, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, MIME_8BIT_HEADER=0.3, RDNS_NONE=0.1, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M1Vi9hw8BOZu; Sat, 29 Mar 2008 15:24:12 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 695433A693A; Sat, 29 Mar 2008 15:24:12 -0700 (PDT) X-Original-To: dnsop@core3.amsl.com Delivered-To: dnsop@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B9A583A6880 for <dnsop@core3.amsl.com>; Sat, 29 Mar 2008 15:24:11 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4aI+nXtNQoSe for <dnsop@core3.amsl.com>; Sat, 29 Mar 2008 15:24:11 -0700 (PDT) Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by core3.amsl.com (Postfix) with ESMTP id DC3FC3A6825 for <dnsop@ietf.org>; Sat, 29 Mar 2008 15:24:10 -0700 (PDT) Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id m2TMO3XV003613; Sat, 29 Mar 2008 17:24:03 -0500 Received: from garak.ads.sparta.com (garak.sparta.com [157.185.63.81]) by Beta5.sparta.com (8.12.11/8.13.1) with ESMTP id m2TMO3Vd021015; Sat, 29 Mar 2008 17:24:03 -0500 Received: from mailbin2.ads.sparta.com ([157.185.85.6]) by garak.ads.sparta.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 29 Mar 2008 17:24:03 -0500 Received: from spx.vb.futz.org ([216.27.162.138]) by mailbin2.ads.sparta.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Sat, 29 Mar 2008 18:30:26 -0400 Date: Sat, 29 Mar 2008 18:23:53 -0400 From: Robert Story <rstory@sparta.com> To: JINMEI Tatuya / =?UTF-8?B?56We5piO6YGU5ZOJ?= <jinmei@wide.ad.jp> Message-ID: <20080329182353.5d30ef3f@spx.vb.futz.org> In-Reply-To: <m2hceqlbzy.wl%Jinmei_Tatuya@isc.org> References: <20080314034500.GE7553@x27.adm.denic.de> <m2hceqlbzy.wl%Jinmei_Tatuya@isc.org> Organization: SPARTA X-Mailer: Claws Mail 3.3.1 (GTK+ 2.12.5; powerpc-redhat-linux-gnu) Mime-Version: 1.0 X-OriginalArrivalTime: 29 Mar 2008 22:30:26.0406 (UTC) FILETIME=[7C512060:01C891EC] X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (M4.sparta.com [157.185.61.2]); Sat, 29 Mar 2008 17:24:04 -0500 (CDT) Cc: Peter Koch <pk@DENIC.DE>, IETF DNSOP WG <dnsop@ietf.org> Subject: Re: [DNSOP] WGLC: "Considerations for the use of DNS Reverse Mapping" X-BeenThere: dnsop@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org> List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe> List-Archive: <http://www.ietf.org/pipermail/dnsop> List-Post: <mailto:dnsop@ietf.org> List-Help: <mailto:dnsop-request@ietf.org?subject=help> List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe> Content-Type: multipart/mixed; boundary="=======13766752=" Sender: dnsop-bounces@ietf.org Errors-To: dnsop-bounces@ietf.org
On Fri, 28 Mar 2008 15:28:17 -0700 JINMEI wrote: JT/> At Fri, 14 Mar 2008 04:45:00 +0100, JT/> Section 3.2 JT/> JT/> Reports from operators suggest that scoring mail on the basis of JT/> missing or non-matching reverse mapping remains an imperfect but JT/> useful measure of the likelihood that a given message is spam, JT/> particularly in combination with other measures. It is clear that JT/> the presence of reverse mapping, and a match between the forward and JT/> reverse zones, is neither a necessary nor sufficient condition for a JT/> candidate message to be spam. JT/> JT/> I'm not very much comfortable with a statement based on "some people JT/> say something" because it's difficult to assess its validity. In JT/> fact, I cannot really be sure that reverse mapping-based approach is JT/> that effective, considering the fact that most of today's spams are JT/> sent from botnets and the reverse mappings are often provided (when JT/> provided) by the ISP, rather than the end users who host the bots. But that's exactly _why_ it's effective.. the bots cannot change the ISP's reversing mapping, so a system admin can decide to mark mail coming from dynamic27381.big-isp.example.com as very likely being spam. -- Robert Story SPARTA
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
- [DNSOP] WGLC: "Considerations for the use of DNS … Peter Koch
- Re: [DNSOP] WGLC: "Considerations for the use of … Brian Dickson
- Re: [DNSOP] WGLC: "Considerations for the use of … Dean Anderson
- Re: [DNSOP] WGLC: "Considerations for the use of … Stephane Bortzmeyer
- Re: [DNSOP] WGLC: "Considerations for the use of … Andras Salamon
- Re: [DNSOP] WGLC: "Considerations for the use of … JINMEI Tatuya / 神明達哉
- Re: [DNSOP] WGLC: "Considerations for the use of … JINMEI Tatuya / 神明達哉
- Re: [DNSOP] WGLC: "Considerations for the use of … Paul Wouters
- Re: [DNSOP] WGLC: "Considerations for the use of … JINMEI Tatuya / 神明達哉
- Re: [DNSOP] WGLC: "Considerations for the use of … Brian Dickson
- Re: [DNSOP] WGLC: "Considerations for the use of … Andrew Sullivan
- Re: [DNSOP] WGLC: "Considerations for the use of … Brian Dickson
- Re: [DNSOP] WGLC: "Considerations for the use of … Robert Story
- Re: [DNSOP] WGLC: "Considerations for the use of … bmanning
- Re: [DNSOP] WGLC: "Considerations for the use of … Andrew Sullivan
- Re: [DNSOP] WGLC: "Considerations for the use of … Andrew Sullivan
- Re: [DNSOP] WGLC: "Considerations for the use of … Edward Lewis
- Re: [DNSOP] WGLC: "Considerations for the use of … Mark Andrews
- Re: [DNSOP] WGLC: "Considerations for the use of … bmanning
- Re: [DNSOP] WGLC: "Considerations for the use of … Mark Andrews
- Re: [DNSOP] WGLC: "Considerations for the use of … Andrew Sullivan
- Re: [DNSOP] WGLC: "Considerations for the use of … Edward Lewis
- Re: [DNSOP] WGLC: "Considerations for the use of … Andrew Sullivan
- Re: [DNSOP] WGLC: "Considerations for the use of … Ted Lemon
- Re: [DNSOP] WGLC: "Considerations for the use of … Joe Abley
- Re: [DNSOP] WGLC: "Considerations for the use of … JINMEI Tatuya / 神明達哉
- Re: [DNSOP] WGLC: "Considerations for the use of … Andrew Sullivan
- Re: [DNSOP] WGLC: "Considerations for the use of … JINMEI Tatuya / 神明達哉
- Re: [DNSOP] WGLC: "Considerations for the use of … Samuel Weiler
- Re: [DNSOP] WGLC: "Considerations for the use of … JINMEI Tatuya / 神明達哉
- Re: [DNSOP] WGLC: "Considerations for the use of … JINMEI Tatuya / 神明達哉
- [DNSOP] Issue 22, unfairness (was: WGLC: "Conside… Andrew Sullivan
- Re: [DNSOP] WGLC: "Considerations for the use of … Andrew Sullivan
- Re: [DNSOP] WGLC: "Considerations for the use of … Andrew Sullivan
- Re: [DNSOP] WGLC: "Considerations for the use of … Stephane Bortzmeyer
- Re: [DNSOP] WGLC: "Considerations for the use of … Dean Anderson
- Re: [DNSOP] WGLC: "Considerations for the use of … bill fumerola
- Re: [DNSOP] WGLC: "Considerations for the use of … Andrew Sullivan