On Tue, Apr 20, 2010 at 11:39:11PM -0500, James Hess wrote:
> EXCEPT.... that is just an example, don't actually use a hostname like "ip192-0-0-1.example.com." in real life.
> [*] Certain overly aggressive blacklists assume that the host must be a dynamic / dial-up user due to the presence of "192-0-0-1", which is recognized to be an IP address, so be careful.
While I don't consider my project to be "over-aggressive", you should be aware that many antispam filtering systems do classify hostnames as a class by their naming convention (in my case, I have ~52K patterns for naming conventions in around 27K domains, classified by assignment and other types and where possible by the technology in use eg static/dsl, dynamic/dialup) and use those classifications to determine policy.

So, if you're intending to do the right thing here WRT your PTR naming, it'd behoove you to indicate at the very least whether these are to be used by end users (who are more likely to be infected with bots), whether they're dynamically or statically assigned, whether they're legit sources of mail, etc. Best current practice is to allow customers running mail servers to assign custom and appropriate names to said hosts (including PTR, not just A).

Also, to make it easier for folks running older MTAs without decent regex support to block unwanted bot mail try to keep the most significant token to the right hand side, a la

    1-2-3-4.raleigh.nc.dsl.dyn.example.net

instead of

    dsl-1-2-3-4-dynamic.nc.raleigh.example.net

So they can block all mail from dynamics with a simple 'dyn.example.net' instead of having to collect access.db entries for every city you happen to provide access to. The rest of the Internet thanks you in advance ;-)

Having some comment or memo in your SWIP for the block that indicates what the block's IPs are to be used for is also helpful, as when the PTR is obscure and unhelpful rwhois is the next obvious place to turn for enlightenment.

I've written up some tips and hints here:

    http://enemieslist.com/news/archives/2009/06/principles.html
    http://enemieslist.com/news/archives/2009/06/basic_principle.html
    http://enemieslist.com/news/archives/2009/06/basic_principle_1.html
    http://enemieslist.com/news/archives/2009/06/basic_principle_2.html
    http://enemieslist.com/news/archives/2009/07/a_passionate_cr.html
    http://enemieslist.com/news/archives/2009/07/why_we_suspect.html

Comments welcome.

As for those supposed blacklists that treat n-n-n-n as an obvious dialup, they're going to run into a lot of trouble if they try to classify any of these hosts that way (they are in all likelihood MXen or outbounds):

    203-214-65-42.mail2.fft.com.au
    189-17-23-133.alpinet.com.br
    mx-189-108-118-122.compertratores.com.br
    200-206-157-155.mail.eletti.com.br
    200-148-137-195.fundecitrus.com.br
    200-206-216-150.corpmail.panini.com.br
    200-204-147-132.smtp-gw.scanbrasil.com.br
    gate-193-85-144-1.e-one.cz
    63-145-232-66.accessintel.com
    24-43-168-100.biz.aceweb.com
    mm-notify-out-72-21-209-53.amazon.com
    69-20-71-3.clearrequest.com
    mx-82-102-77-85.infocreditgroup.com
    84-45-12-85.interparcel.com
    64-128-133-217.static.ithikon.com
    s199-126-14-180.local1111.com
    adsl-66-139-110-100.midwestrug.com
    sm-70-42-226-219.quepasa.com
    so-63-131-152-52.serviceobjects.com
    216-139-224-52.aus.us.siteprotect.com
    151-204-36-17.smtpusa.com
    mx-119-92-80-10.theorchardgolf.com
    203-214-65-56.mail.thomsettinternational.com
    antispam-213-183-191-209.ewe-ip-backbone.de
    11-176-40-206-reverse.brazosport.edu
    209-184-246-217.labette.edu
    124-247-238-41.mail.ashwath.in
    186-227-63-74.reverse.wirepressnewsalerts.info
    77-49-165-194.celeo.net
    mail-36-244-187-78.imzahost.net
    66-50-173-37.masso.net
    35-225-63-74.reverse.wirepresswirenewsalerts.net
    mx-213-48-133-164.aclt.org
    host84-233-131-230.19.co.uk
    207-193-177-11.crowley.k12.tx.us

HTH,
Steve

--
hesketh.com/inc.
v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/
antispam news and intelligence to help you stop spam: http://enemieslist.com/
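
Added example, not part of the original message or of the enemieslist project's code: a Python illustration of the two points made above, namely that a right-significant PTR scheme can be handled with a single suffix entry while the left-significant one cannot, and that an "n-n-n-n means dial-up" pattern also fires on hosts from the list above. The policy table, the function names and the mail-role token list are assumptions made for the illustration.

```python
import re

# Hypothetical suffix policy in the style of an MTA access table. Only
# dyn.example.net comes from the post; the other entry is an assumption.
SUFFIX_POLICY = {"dyn.example.net": "REJECT", "static.example.net": "OK"}

# The naive "embedded IPv4 means dial-up" heuristic the post argues against.
DASHED_IP = re.compile(r"(?<!\d)(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})(?!\d)")


def suffix_lookup(hostname, policy=SUFFIX_POLICY):
    """Try the name and each parent domain, matching on label boundaries."""
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in policy:
            return candidate, policy[candidate]
    return None, "NO_MATCH"


def has_dashed_ip(hostname):
    """True when the name embeds four dash-separated octets (each 0-255)."""
    return any(all(int(g) <= 255 for g in m.groups())
               for m in DASHED_IP.finditer(hostname))


def role_hint(hostname):
    """True when a token suggests a mail role (token list is an assumption)."""
    tokens = re.split(r"[.\-]", hostname.lower())
    return any(t.startswith(("mail", "mx", "smtp")) for t in tokens)


# Constructed sample: both naming schemes from the post, plus three of the
# hosts it lists as likely MXen or outbounds.
SAMPLES = [
    "1-2-3-4.raleigh.nc.dsl.dyn.example.net",
    "dsl-1-2-3-4-dynamic.nc.raleigh.example.net",
    "200-206-157-155.mail.eletti.com.br",
    "mx-189-108-118-122.compertratores.com.br",
    "200-204-147-132.smtp-gw.scanbrasil.com.br",
]


if __name__ == "__main__":
    for host in SAMPLES:
        print(f"{host:45} {suffix_lookup(host)[1]:9} "
              f"dashed_ip={has_dashed_ip(host)} mail_role={role_hint(host)}")
```

Every sample matches the dashed-IP pattern, but only the right-significant name is caught by the one-line suffix entry, and the three listed hosts carry a mail-role token that the pattern alone ignores.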