#1
Reverse DNS Lookup Opinion
Our email at my company is hosted by an ISP. To combat the recent virus and SPAM they have implemented Reverse DNS lookup, which has been great for us with one exception. We have several companies that we need to receive mail from that do not have their PTR records set up properly, and we cannot receive their mail. They blame me - I blame them. I am told NO ONE in the industry uses RDNS. I was trying to get a feel for whether people do or not. It seems like a great way to fight a serious problem if everyone would set up their DNS correctly. Am I wrong?
#2
It is preferred that you use SPAM blacklists.
__________________
Send me a private message if you would like me to set up your DNS for you for a price of your choosing. This is the preferred method if your DNS needs to be fixed/set up fast and you don't have the time to bounce messages back and forth on a forum. Also, check out these links: Whois Direct | DNS Crawler | NS Trace | Compare Free DNS Hosts
#3
Quote:
They do - we still get SPAM out the wazoo. Spoofed emails etc. The black list doesn't touch it.
#4
Spoofed mails are still blocked by blacklists. There are actually several blacklists out there which block whole subnets, like Comcast clients for example.
#5
Reverse DNS is getting more common every day for spam issues; AOL, I believe, is using RDNS now also. It would be very wise for people to start setting up PTR records, and you are not in the wrong. I have been to many clients in the past two months that were not able to send to certain domains due to RDNS; also, some secure web sites use RDNS. Blacklists are getting a little too picky, as they are starting to block if you are in a DHCP IP range. Some of my small clients have mail servers on cable modems, which just gives you a static within their DHCP scope, and they are getting blacklisted.
#6
In my humble opinion neither system will block everything. Also, both systems will block innocent people. However, also in my opinion, blacklists better target spammers, while RDNS techniques target improperly configured reverse PTR records. Yes, there are blacklists that are too generic - don't use them! Only use blacklists that compile known offenders and most ISPs like Comcast. Or better yet, build your own blacklist!
Another argument against the RDNS technique: it's weak. Spammers will just start using properly configured mail servers. Blacklists ban by IP as well as certain reverse PTRs. Think of spammers like a cancer. I would much rather cut out the tumors and otherwise attack the cancer areas (blacklists) rather than kill off the entire body through chemo (RDNS).
#7
Well, one more reason to use PTR is that Microsoft made it the default to do RDNS on Exchange 5.5 SP4. To turn off RDNS on Exchange 5.5 SP4 you will have to make registry changes.
#8
So your argument is that since Microsoft uses it and AOL uses it we should all use it? What about my arguments? Did you disagree?
#9
Yes, I disagree with you, unless you don't mind not being able to send e-mail to anyone in AOL or running Exchange 5.5 SP4. Personally, my clients would flip out. This is also one more way of making sure your mail comes from a valid domain and does make it harder for spammers.
#10
First of all, I agree that everybody should have reverse PTRs for their mail servers.
These are 2 new arguments I thought of.
1) Spammers can spam with reverse PTRs easily. If everybody in the world blocked based on reverse DNS being improperly configured then spammers would simply adapt. Not a very good solution. Blacklists however cannot be so easily thwarted. If you compile a list of known spamming IPs and block them then you can rest more assured that spammers will not get in. Arbitrarily blocking everybody who hasn't set up proper reverse DNS does not target spammers only.
2) Another downside with reverse DNS is that you have to make a DNS lookup with every email. This is bad if you are suddenly swamped in mail resulting from viruses. Using reverse DNS slows down mail transactions and further chokes internet bandwidth under high load.
In summary:
Blacklists: Target spammers more exclusively. Harder to get around this security measure. More efficient, and robust.
RDNS: Targets the innocent and guilty alike. Easier to get around this security measure. Costs more resources and prone to attack.
If I am wrong, tell me how I am wrong.
Last edited by SilentRage : March 3rd, 2004 at 10:31 AM.
#11
I agree with what you are saying to a point, which is the fact that a lot of major networks are doing RDNS, and that means you should set up a PTR record for your network or else you risk not being able to send to some major players.
I could care less about the SPAM aspect. This does not mean you need to have your own server set for RDNS, which I have disabled in 5.5sp4 servers in the registry because they could not send to people without a PTR. The question was raised on whether to have a PTR or not, and only a fool would not set up a PTR this day and age unless they don't care about sending and receiving e-mail from some domains and don't mind having a half-baked network setup. In the original post sdesbrough said "I am told NO ONE in the industry uses RDNS." I can't imagine a larger e-mail domain than AOL not to be able to send to. Also, I have been to secure web sites that do RDNS to verify the visitor is from a legit domain. It has purposes other than spam. Is it 100% foolproof? No, but neither is your firewall, but it slows them down.
#12
Ah, so you were mostly addressing that it is critical that people set up reverse PTRs for their servers. I see, I totally agree. So I guess from the company perspective you see how it is preferred to use blacklists instead of reverse PTR verification?
#13
Combined Approach
Hey Guys,
I was just looking over your anti-spam discussion. Utilization of any one method for protection will fail.
1) Blacklists - great, but spammers use spoofed addresses....
2) PTR Records - Helps, guarantees the machine is there..
However, these solutions even together are very weak and will result in many false positives. Things that help:
1) adding RBLs
2) content filters
3) Bayes filters
Now you can do all that with SpamAssassin and it's free....
I noticed one of the arguments mentioned additional DNS overhead. If you are doing much mail (we do about 3 mil transactions per month) then you should be running DNS on your mail servers. This means that most of the time the info will be in cache. Our spam solution for 6000+ users is in excess of 90% accurate. It takes time to get all the parts tweaked. I have one user that we trap 13,000 spams a month for, and the amount of business traffic is almost nil. That's just my 10 cents.
Mark
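An added example, not part of the thread or any poster's code: the two checks debated above (PTR verification and a DNS blacklist lookup) combined as weighted scores instead of hard rejects, behind a local cache. The records, host names, the `dnsbl.example` zone and the weights are constructed assumptions so the sketch runs offline; IPv4 only.

```python
import ipaddress
from functools import lru_cache

# Constructed records standing in for live DNS so the example runs offline.
# Addresses are documentation ranges; names and the DNSBL zone are hypothetical.
RECORDS = {
    ("PTR", "10.2.0.192.in-addr.arpa"): ["mail.example.com"],
    ("A", "mail.example.com"): ["192.0.2.10"],
    ("PTR", "20.2.0.192.in-addr.arpa"): ["mail.example.net"],
    ("A", "mail.example.net"): ["198.51.100.7"],       # forward does not match
    ("A", "30.2.0.192.dnsbl.example"): ["127.0.0.2"],  # listed on the blacklist
}

@lru_cache(maxsize=4096)  # local cache: repeat senders cost no new lookup
def query(rtype, name):
    return tuple(RECORDS.get((rtype, name), ()))

def ptr_status(ip):
    """Return 'missing', 'mismatch' or 'confirmed' (PTR name resolves back to ip)."""
    names = query("PTR", ipaddress.ip_address(ip).reverse_pointer)
    if not names:
        return "missing"
    if any(ip in query("A", name) for name in names):
        return "confirmed"
    return "mismatch"

def dnsbl_listed(ip, zone="dnsbl.example"):
    """DNSBL convention: reverse the octets, append the zone; any A answer means listed."""
    reversed_octets = ".".join(reversed(ip.split(".")))
    return bool(query("A", f"{reversed_octets}.{zone}"))

# Assumed weights: a PTR problem alone adds points but never reaches the threshold,
# so a legitimate sender with a broken PTR is still accepted.
WEIGHTS = {"missing": 1.5, "mismatch": 1.0, "confirmed": 0.0}
DNSBL_WEIGHT, THRESHOLD = 3.0, 3.0

def score(ip):
    total = WEIGHTS[ptr_status(ip)] + (DNSBL_WEIGHT if dnsbl_listed(ip) else 0.0)
    return total, ("reject" if total >= THRESHOLD else "accept")

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, ptr_status(ip), dnsbl_listed(ip), score(ip))
```
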