OE6-Blockage-and Reverse DNS

Discussion in 'Computer Support' started by ellis_jay, Jun 30, 2005.

  1. ellis_jay

    ellis_jay Guest

    Is it possible in Outlook Express 6 to add a rule or block email posted from
    sources that have no Reverse DNS entry?

    tia




    --

    Their ethics are a short summary of police ordinances: for them the most
    important thing is to be a useful member of the state, and to air their
    opinions in the club of an evening; they have never felt the homesickness
    for something unknown and far away, nor the depths which consists in being
    nothing at all.
    ___________Soren Kierkegaard

    Ellis_jay
     
    ellis_jay, Jun 30, 2005
    #1

  2. ellis_jay

    Mike Easter Guest

    No.

    I'm going to assume you mean blocking, filtering, or tagging email which
    is sourced from an IP with no rDNS. OE's message rules are extremely
    weak, and can't do much of anything with but a few header-related items
    such as To, From, Subject, and body word content.

    People who run servers can do that; but it would cause them false
    'positives', as there are valid senders who would have no rDNS. The
    value of doing it at the server level is that the server can reject the
    mail very early in the transaction process, making for great efficiency.
    The even greater value is that a legitimate sender would know that their
    mail had failed, and they could derive some other route to communicate
    or they could properly configure their smtp server to rDNS compliantly.

    From a client point of view, there would have to be some kind of proxy
    between OE and the mailserver which could examine the headers and
    filter/tag the item based on some kind of list, such as a DNSBL -- and
    SpamPal could do that if there were a 'no rDNS DNSBL' but there isn't.

    I don't know of any proxy which would perform a rDNS lookup on a
    header-found IP; that would be a very awkward function for a client or
    the client's proxy, while it would be a simple function for a server
    during the transaction.
     
    Mike Easter, Jun 30, 2005
    #2
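
What a client-side tagging proxy of the kind discussed above would have to do, as an added example (not part of any post in this thread, and not SpamPal code): take the IP from the one `Received` header written by your own provider's server, look up its PTR record, and prefix the Subject so an OE subject rule can act on it. The function names, the `[no-rDNS]` tag and the sample message are assumptions made for this illustration.

```python
import email
import ipaddress
import re
import socket

# Constructed sample message; addresses come from the documentation ranges.
SAMPLE = (
    "Received: from mail.example.net (unknown [203.0.113.7])\n"
    "\tby mx.example.org with ESMTP; Thu, 30 Jun 2005 10:00:00 +0000\n"
    "Received: from pc ([198.51.100.9]) by mail.example.net\n"
    "From: someone@example.net\nSubject: hello\n\nbody\n"
)
_BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def connecting_ip(raw, trusted_hops=1):
    """IP recorded by our own server; older Received lines can be forged."""
    msg = email.message_from_string(raw)
    for header in (msg.get_all("Received") or [])[:trusted_hops]:
        client_part = re.split(r"\s+by\s+", header, maxsplit=1)[0]
        for text in _BRACKETED.findall(client_part):
            try:
                return str(ipaddress.ip_address(text))
            except ValueError:
                continue
    return None

def ptr_name(ip):
    """PTR name for ip, or None (a failed lookup also returns None)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def tag_message(raw, reverse=ptr_name):
    """Return (ip, ptr, message), prefixing Subject when no PTR exists."""
    ip = connecting_ip(raw)
    ptr = reverse(ip) if ip else None
    msg = email.message_from_string(raw)
    if ip and not ptr:
        subject = msg.get("Subject", "")
        del msg["Subject"]
        msg["Subject"] = "[no-rDNS] " + subject
    return ip, ptr, msg.as_string()

if __name__ == "__main__":
    # Stub resolver that reports "no PTR", so the demo runs offline.
    print(tag_message(SAMPLE, reverse=lambda ip: None)[2])
```

Because the lookup happens after delivery, this can only tag the message; the sender gets no rejection notice, which is the advantage of doing the check at the server as described above.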

  3. ellis_jay

    ellis_jay Guest

    The reason I asked is because of the weird, disjointed emails coming through
    to my personal account. Here is a sample:

    " heuser decoyfrangipani Willis was at malraux when that happened befogging.
    hardtack at keel or even wattle as in sanicle. Gabrielle was at chowder when
    that happened planetarium. Brittany was at nickname when this happened
    goldwater. candide at woman or even tecum as in pinkish. Milo was at
    mockingbird when that happened moo. David was at tacit when this happened
    conferee. roost at octagon or even nyc as in cologne. Gavin was at radian
    when that happened bach. lynn. bowen at flog or even cogitate as in adolph.
    Lyman was at duncan when that happened dispel. Carly was at makeup when this
    happened troutman. effaceable at moat or even culinary as in liquidus..."

    This type of email was discussed in another thread in this ng and they seem
    to be spam tools (if I understand replies in that thread correctly). I got
    nowhere running properties and source in the headers through
    http://www.dnsstuff.com/ .

    But I gotta tell ya that I'm not the sharpest razor in the pack when it
    comes to header info or tracking down the culprit who is invading my little
    string in space.

    Thanx for the reply.




    Ellis_jay
     
    ellis_jay, Jun 30, 2005
    #3
  4. ellis_jay

    Vanguard Guest

    But SpamPal does have a dynamic IP address blocking plug-in. MXblock
    will tag e-mails that come from dynamic IP addresses which occur from
    dial-up or cable/DSL broadband users that are infected with a mailer
    trojan.
    The rDNS lookup probably wouldn't be that effective, anyway. Even if
    the sender had an rDNS entry, which dial-up and cable/DSL users do (just
    run "nslookup <yourIPaddr>"), that doesn't mean you want their e-mails.
    Instead the mail server needs to check if the IP address for the sending
    mail server at that domain is one of the MX records listed by the DNS
    server at that domain (i.e., is the sending mail server listed by that
    domain as one of its authorized mail servers). The client doing that
    would be doing it too late since the e-mail already got sent by the time
    the client sees it. That would be a mail server function.

    Similarly, greylisting works to eliminate spam coming from zombied hosts
    but is only effective if implemented at the receiving mail server.
     
    Vanguard, Jun 30, 2005
    #4
  5. ellis_jay

    Vanguard Guest


    Since you didn't provide the raw code of an example spam mail containing
    the disjointed text to which you refer, all we can do is guess at what
    you got. The spam probably contained an embedded image that showed the
    spam content (which filters cannot interrogate) and the jumbled prattle
    at the end is to poison Bayesian filters (some are more susceptible than
    others).
     
    Vanguard, Jun 30, 2005
    #5
  6. That's probably an HTML. Filter out HTML emails. If your friends
    send HTML emails, tell them to stop. My HTML filters kill more spam
    than any of the other ones.
     
    Blinky the Shark, Jun 30, 2005
    #6