i_rod
Trooper
Joined: Jul 12, 2005 Posts: 21 Location: Canada
Posted: Fri May 16, 2008 12:47 pm Post subject:
tembow wrote:
    “If you lie about the domain name, and you lie about the MAIL FROM, you will get different success rates with differently configured mail exchanges.”

tembow;
Ahhh, some balm for my weary, tortured brain. At least that was so until I had my 2nd giant latté Italiano. Now I feel like I could ski uphill and broadcast on F.M. stereo.
Thinks: my MTA is performing the rDNS queries on these “unresolvables” within mss. of receiving the HELO from the senders' host server; even before accepting the packet containing the text. Wouldn't the senders' hosts have to have at least a temporary SOA or DNS record for the PC?
Understood, the W-bot can lie about what info it gives in establishing the telnet connection apropos loosely configured, or poorly administered mail exchangers. But giving a bogus domain name is not the same as giving none.
I'm thinking too, that unless some record, even a 'virtual' one, is held 'de rigueur', the host server/net wouldn't be able to 'globally' service clients needing file or data exchanges; (e.g., a store automatically backing up register data on a remote server) ...different ports and protocols notwithstanding. They would only be able to provide these services 'selectively'.
If the example I gave was an anomaly, I could attribute the rDNS failure to having occurred at the end of a spam run; after the W-bot disconnected. However, there is a notable incidence of these failures to one of my trap accounts (hence my curiosity); ...indicating to me a pattern that is significant and that a 'cum hoc ergo propter hoc' rationale 'don't satisfy', as the saying goes. It is therefore probable that the failures occur even during the spam run; i.e., while the W-bot is connected. Even the practices of rotating IPs and/or multiple Domain Registrations wouldn't explain the problem unless the inferred infection(s) have advanced so's to be able to accomplish such feats in mere mss.
I'm mindful of what you say about technically being able to send without a domain name being in evidence in the SMTP record. After all, I'm getting them; eh? I'd like to be able to understand, and be convinced, as to the extent to which the ISPs or hosts ought to be implicated in deliberate and censurable deceit. If their servers are configured so's to deliberately and selectively hide certain sender's domain names, then this needs to get documented for follow up with the authorities.
Just FYI; these “Received-SPF: ... x-ip-name=;” no results (failed rDNS queries) are ostensibly coming from ISPs in Brazil, Saudi Arabia, Israel and Morocco. If you're curious and in need of amusement, here's one <.net.il> that came in an hour or so ago. [77.127.65.217]
You're a real 'mensch' for helping me out with this. You must have a lot of patience; or sedatives.
i_rod
Trooper
Joined: Jul 12, 2005 Posts: 21 Location: Canada
Posted: Fri May 16, 2008 2:06 pm Post subject:
Quote:
    If their servers are configured so's to deliberately and selectively hide certain sender's domain names, then this needs to get documented for follow up with the authorities.

... or in my little world, this spam represents a distinct CLASS that should be evaluated as such.
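The two posts above treat messages whose Received-SPF line carries an empty x-ip-name (the receiving MTA's reverse lookup of the connecting IP returned nothing) as a class worth evaluating on its own. The following script is an added example, not code from the thread or its participants: it parses Received-SPF header lines of the form the post quotes (result token, optional parenthesised comment, then key=value pairs such as client-ip, helo, envelope-from and x-ip-name) and tags each message with the observable reasons it belongs to that class. The SPF result tokens are the standard ones (pass, fail, softfail, neutral, none, permerror, temperror); the key names other than those named in the post follow common Received-SPF usage and are an assumption here, and the sample header lines are constructed with documentation IP ranges, not taken from the thread.

```python
import ipaddress
import re
from dataclasses import dataclass

# Standard SPF result tokens; anything else in the result position is suspect.
SPF_RESULTS = {"pass", "fail", "softfail", "neutral", "none", "permerror", "temperror"}

# Constructed sample Received-SPF lines (documentation addresses, not real senders).
# The third line mimics the post's case: a bare HELO name and an empty x-ip-name.
SAMPLE_HEADERS = [
    "Received-SPF: pass (mx.example.org: domain of alice@example.com designates "
    "198.51.100.7 as permitted sender) client-ip=198.51.100.7; "
    "envelope-from=alice@example.com; helo=mail.example.com; x-ip-name=mail.example.com;",
    "Received-SPF: none (mx.example.org: no SPF record for bogus.example.invalid) "
    "client-ip=203.0.113.42; envelope-from=bob@bogus.example.invalid; "
    "helo=bogus.example.invalid; x-ip-name=;",
    "Received-SPF: softfail (...) client-ip=192.0.2.9; envelope-from=carol@example.net; "
    "helo=pc9; x-ip-name=;",
]


@dataclass
class SpfRecord:
    result: str      # SPF result token, lower-cased
    comment: str     # text of the parenthesised comment, if any
    fields: dict     # key=value pairs that follow the comment


def parse_received_spf(line: str) -> SpfRecord:
    """Split one Received-SPF header line into result, comment and key=value fields."""
    body = line.split(":", 1)[1] if line.lower().startswith("received-spf:") else line
    body = body.strip()
    m = re.match(r"(\S+)\s*(?:\(([^)]*)\))?\s*(.*)$", body, re.S)
    if not m:
        raise ValueError("not a Received-SPF header line")
    result, comment, rest = m.group(1).lower(), m.group(2) or "", m.group(3)
    fields = {}
    for part in rest.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        fields[key.strip().lower()] = value.strip()
    return SpfRecord(result, comment, fields)


def classify(rec: SpfRecord) -> list:
    """Return the reasons a message falls into the 'no rDNS / weak identity' class.

    An empty list means nothing in the header looked off.
    """
    reasons = []
    # x-ip-name present but empty: the receiving MTA's reverse lookup found no PTR.
    if rec.fields.get("x-ip-name") == "":
        reasons.append("no-rdns")
    # A HELO without a dot is not a fully qualified host name.
    helo = rec.fields.get("helo", "")
    if helo and "." not in helo:
        reasons.append("bare-helo")
    # client-ip that does not parse as an address means the header itself is odd.
    try:
        ipaddress.ip_address(rec.fields.get("client-ip", ""))
    except ValueError:
        reasons.append("bad-client-ip")
    if rec.result not in SPF_RESULTS:
        reasons.append("unknown-spf-result")
    elif rec.result != "pass":
        reasons.append("spf-" + rec.result)
    return reasons


def no_rdns_clients(headers: list) -> list:
    """Client IPs of all messages whose reverse lookup returned nothing."""
    out = []
    for line in headers:
        rec = parse_received_spf(line)
        if "no-rdns" in classify(rec):
            out.append(rec.fields.get("client-ip", "?"))
    return out


if __name__ == "__main__":
    for line in SAMPLE_HEADERS:
        rec = parse_received_spf(line)
        print(rec.fields.get("client-ip"), rec.result, classify(rec) or "ok")
```

Run it over the Received-SPF lines your MTA adds and group by the returned reasons; the "no-rdns" plus "bare-helo" combination is the pattern the first post describes, and counting it per trap account gives the incidence figure the post wants rather than a single anecdote.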