Well...
prodigy does that in Mexico.
it is not too far away, as they are the biggest ISP on Mexico and Latin
America
----- Original Message -----
From: "David Gillett" <gillettdavid@fhda.edu>
To: "'LordInfidel'" <LordInfidel@directionweb.com>; "'Derek Schaible'"
<dschaible@cssiinc.com>; <security-basics@securityfocus.com>
Sent: Thursday, September 09, 2004 10:29 AM
Subject: RE: Final Words on "Educating RDNS violators" - Debunking the
Myth's
-----Original Message-----
From: LordInfidel [mailto:LordInfidel@directionweb.com]
The answer is, while most ISPs will allow their customers to
relay mail thru their servers, they will only allow mail from
their (the isps) domain name space.
I have never encountered an ISP who imposed this restriction,
which is neither easy to implement, nor necessary for the ends
the ISP is trying to accomplish.
What the ISPs I've dealt with implement is blocking their non-
static ADDRESS SPACE from sending out SMTP directly to outside
destinations without relaying through the ISP's SMTP server.
This is sufficient to block/prevent:
1. Email viruses/worms that contain their own SMTP engine.
2. Spam sources that contain their own SMTP engine.
3. Compromised/open relays.
4. Servers set up in violation of ToS.
5. Faked headers claiming that a spam/virus/etc originated in
their non-static address space, since they can demonstrate
that that's not possible.
All without looking at any domain information, either domain
name space OR rDNS!
All that checking rDNS tells you is that the sender has valid
rDNS information. It doesn't tell you anything about whether
the source is or is not doing any of the above five things,
especially if, as the ISP, you've set up basic rDNS for your
address space (or at least your server) in order to routinely
pass such checks implemented on destination servers.
Dave Gillett
----------------------------------------------------------------------------
----
--------------------------------------------------------------------------
-
Computer Forensics Training at the InfoSec Institute. All of our class
sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills
of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
--------------------------------------------------------------------------
--
---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
