on Tue, Sep 21, 2004 at 02:11:11PM -0400, Daniel Senie wrote: <snip good info>
2) for dialup, DSL and Cable users on dynamic ports who should not generally be running servers, name the INADDR with something like:
w-x-y-z.dialup.example.net w-x-y-z.dynamic.example.net
or similar. I don't care what scheme you want to use to the LEFT of 'dialup.example.com' or 'dynamic.example.com' but please put the information about these being dynamic blocks in a place where they can be filtered using simple mechanisms (i.e. without regex overheads).
With the naming above, it's easy to filter out dialup.example.com in the access lists of mail servers without any worries. Users coming in from those addresses using authenticated connections to the submission port will work fine, while spam direct from those machines will not work.
Many ISPs do this quite well. While it's still some work for the receiving systems vs. port 25 filtering, it sure beats guessing about remote topologies.
FYI - I've been tracking rDNS naming conventions for many ISPs for the past year and a half. (Basically, if your network is secure, I don't know about you - I only track rDNS for hosts that relay spam or spew viruses at me). Of the approximately 4800 networks (by domain) I've tracked, 1935 are known to be in the US, Mexico, or Canada. Of those, 509 have some form of RHS-friendly rDNS. Roughly 26%. Better than last year, but still pretty bad. cgocable.ca cabletv.on.ca aci.on.ca eastlink.ca powergate.ca primus.ca sympatico.ca ubc.ca uoguelph.ca uniserve.ca utoronto.ca videotron.ca netidea.bc.ca ulaval.ca ualberta.ca dal.ca uottawa.ca uwo.ca connection.ca terago.ca accesscomm.ca ucc-net.ca sfu.ca yorku.ca ncf.ca rushcomm.ca eol.ca mcgill.ca oricom.ca vdn.ca amdsb.ca umontreal.ca cyberus.ca knet.ca magma.ca mcmaster.ca usherbrooke.ca cgi.ca unb.ca sprintdsl.ca aol.com aracnet.com atlantabroadband.com attbi.com insightbb.com mchsi.com bbtel.com ccapcable.com cerfnet.com charter.com dancris.com execulink.com mindspring.com nexband.com rcn.com redshift.com ripnet.com rogers.com rr.com theplanet.com wideopenwest.com xmission.com cablenet-va.com charter-ala.com cox-internet.com quik.com gvtc.com bah.com lan2wan.com westelcom.com power1.com mdsg-pacwest.com eschelon.com gvtel.com nettally.com octapus.com firstlink.com hbci.com iinet.com naxs.com ntplx.com tfb.com srtnet.com theriver.com vcn.com visi.com webhostplus.com winbeam.com gtlakes.com varian.com royaume.com primarydns.com netdoor.com registeredsite.com bearingpoint.com core.com tvc-ip.com teksavvy.com opt2opt.com quiknet.com srt.com pcspeed.com cadvision.com mynethost.com 800hosting.com scrtc.com speede.com warpdriveonline.com wavecable.com lightyearcom.com midmaine.com prairieweb.com c2bandwidth.com innercite.com cintelecom.com hyperusa.com seanet.com cwia.com mcttelecom.com osp-chicago.com primenet.com fire2wire.com calltech.com anobi.com telus.com hyatthsiagx.com spiritone.com aesirnetworks.com foxinternet.com willscot.com acetechusa.com aeanetwork.com alabanza.com arishost.com calpop.com computechnv.com datapeer.com fatcow.com iwaynetworks.com linuxwebnet.com mobilenetics.com skybitz.com tir.com unitedcolo.com zedcom.com zoolink.com crestviewcable.com mipops.com neteze.com wilnet1.com conninc.com asu.edu berkeley.edu brown.edu bucknell.edu cmich.edu cmu.edu colorado.edu columbia.edu cornell.edu csulb.edu csuohio.edu dartmouth.edu duke.edu ecu.edu fsu.edu furman.edu gac.edu gatech.edu harvard.edu hawaii.edu indiana.edu msu.edu ncsu.edu nodak.edu pepperdine.edu psu.edu purdue.edu rit.edu siu.edu swt.edu tamu.edu ttu.edu ua.edu ucla.edu ucsd.edu uga.edu uh.edu uidaho.edu uiowa.edu uiuc.edu umass.edu umd.edu umich.edu unc.edu unt.edu upenn.edu uri.edu usf.edu utexas.edu utk.edu utoledo.edu uwec.edu vt.edu wsu.edu wwu.edu drexel.edu brockport.edu macalester.edu ou.edu arizona.edu mnscu.edu wustl.edu ilstu.edu uci.edu clarkson.edu missouri.edu ncat.edu usc.edu uky.edu yale.edu ufl.edu vanderbilt.edu clemson.edu du.edu kent.edu trinity.edu upr.edu csuchico.edu depaul.edu bloomu.edu cmsu.edu msoe.edu neu.edu utah.edu uaf.edu alaska.edu trincoll.edu marshall.edu pitt.edu northwestern.edu temple.edu maine.edu albany.edu uno.edu virginia.edu cwru.edu emich.edu tcu.edu buffalo.edu byu.edu uconn.edu rpslmc.edu emory.edu vcu.edu unco.edu cabrini.edu wm.edu pdx.edu carleton.edu jhu.edu mtu.edu utc.edu ualr.edu colostate.edu washington.edu uwp.edu nyu.edu gsu.edu smu.edu wisc.edu wilkes.edu roch.edu uchicago.edu iupui.edu okstate.edu cablered.com.mx podernet.com.mx avantel.net.mx infosel.net.mx alestra.net.mx 1st.net 21stcentury.net acsalaska.net adelphia.net airmail.net algx.net allstream.net alltel.net ameritech.net att.net attwireless.net bellatlantic.net bresnan.net bright.net btitelecom.net centurytel.net cgocable.net chartertn.net comcast.net comporium.net cnc.net coretel.net covad.net cox.net cypresscom.net dsl.net earthlink.net eatel.net enter.net frontiernet.net genuity.net globetrotter.net graceba.net grandecom.net grouptelecom.net gtei.net gte.net igs.net ij.net infoave.net iowatelecom.net level3.net madisonriver.net mcleodusa.net mnsi.net mountaincable.net mts.net navix.net netins.net networktel.net nextweb.net ntelos.net nvbell.net one.net optonline.net pacbell.net personainc.net ptd.net prserv.net quickclic.net qwest.net ricochet.net rmci.net shawcable.net sigecom.net snet.net speakeasy.net starband.net surewest.net swbell.net tds.net telus.net telusplanet.net tht.net twtelecom.net uslec.net uswest.net uu.net verizon.net voyager.net warwick.net xo.net e-nt.net k-state.net sprint-canada.net sprint-hsd.net terranova.net nauticom.net socket.net ziplink.net epix.net kci.net kmcmail.net abac.net earthnet.net gwtc.net ctsmail.net accessus.net aloha.net beld.net above.net stargate.net redwing.net chilitech.net uswo.net logical.net golden.net win.net verio.net tachyon.net chartermi.net sherbtel.net charterpipeline.net mercury.net lmi.net concentric.net airstreamcomm.net alerondial.net arrival.net atlantech.net atlantic.net bluegrass.net charlevoix.net corecomm.net evertek.net frii.net garlic.net hargray.net hicv.net inter.net intermonde.net internorth.net iquest.net mwt.net prairieinet.net rcnetworks.net restel.net wcom.net velocitus.net wt.net vnet.net brightok.net spacestar.net digitalpath.net hexcom.net shentel.net qx.net comcastbusiness.net volcano.net qis.net fcc.net dandy.net interdial.net psi.net lan2wan.net pacificcoast.net impulse.net incentre.net forethought.net sover.net itlnet.net grandenetworks.net llix.net openband.net tns.net dsl-only.net metalink.net mich.net dasia.net hereintown.net cwis.net sunset.net thebiz.net donobi.net mw.net nac.net speedfactory.net sbcglobal.net texas.net alliancecom.net westpa.net uiowa.net rrv.net bway.net axs2000.net centennialpr.net cfu.net kansas.net anc.net acceleration.net ao.net aoltw.net alter.net cari.net eli.net sfl.net dti.net santel.net exatt.net swva.net fastfreedom.net mzima.net rnetinc.net hiwaay.net imaginenet.net cloud9.net ncia.net infocrossing.net inreach.net lincon.net mags.net mfnx.net mcisi.net sagonet.net servint.net sitestream.net worldspice.net shreve.net xtelegent.net island.net means.net relia.net hickorytech.net brtc.net luhs.org pmt.org wbdl.org carrollton.al.us NOTE: not everyone listed here uses RHS-friendly rDNS consistently, these are just the folks we've managed to discover are using it at all. <snip even more good info> -- join us! http://hesketh.com/about/careers/web_designer.html join us! hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com join us! http://hesketh.com/about/careers/account_manager.html join us!