I have seen others make reference to their rDNS being refused by some of their ISPs, and this question comes up from time to time as to what is "spammy looking" and runs you the risk of getting Cloudmarked right out of the gate, versus solid rDNS. When I've seen that "spammy rDNS" remark made, it appears to be auto-generated through some sort of program. However, I could be mistaken. Feel free to give your 'best practices' or recommendation. Fire away, ladies.
multiple things:
1) a bunch of "mx" or "mail" in a row: mx1.blah.com mx2.blah.com mx3.blah.com
2) dynamic reverse dns or placeholder reverse dns assigned by an isp: fe.e8.7aae.static.theplanet.com dyn-13847.dns.ma.blah.com
3) gibberish domain names: fishsorcery223.net grapesofcarpetxa.net
4) call to action type of domains: clickherforfreeipods.net fastcashinyourbank.net
5) having reverse dns for every ip in the range is suspicious, especially if it's 1 domain for the entire range
Just don't be an idiot! Just put yourself in the shoes of a manual reviewer and ask yourself: "Does it look suspicious"? That would cover all cases mx10 mentioned plus a lot more you might think of. To fully appreciate what I am talking about watch this video: http://www.youtube.com/watch?v=bVVsDIv98TA So just ask yourself: "Would an idiot do that?".
Does anybody have a tool which allows you to view the rdns on an entire /24 at once, or does everyone scan 1 ip at a time?
I'm sure there are more elegant ways to do this, but off the top of my head here's a bash command line:
for i in `seq 2 254` ; do host 174.122.232.$i ; done
I always seemed to have issues when I was running .info's too... I think in general those are looked at as spam extensions by everyone.
Well, there's a few different concerns. One is raising suspicions with IT staff on a network you're being incognito on; a more serious one is Spamhaus scanning the network because there are other mailers on it or nearby who drew their attention. They see the rDNS entries, they look up the IPs on Senderbase, they see multiple IPs have mail traffic on the range, they SBL with "suspected snowshoe spam range, we will consider removing this listing when we learn the identity of the owner of this ip space". I think hatter may have also been asking because he wanted to know what kind of rDNS entries get you rejected by mail servers when you try and connect, which is caused by having rDNS that looks like dynamic DNS that a broadband connection would have; some ISPs block anything that looks similar to that format to protect against bots/zombies.
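The per-host and per-range signals listed earlier in the thread, written as the kind of check a receiving mail server or blocklist reviewer might run over PTR records. This is an added example, not part of the original posts; the regexes, the thresholds, the function names and the 192.0.2.0/24 sample IPs are assumptions.

```python
import re
from collections import Counter

# Illustrative heuristics only (assumed patterns, not any vendor's real rules).
GENERIC_WORDS = re.compile(
    r"(^|[.-])(dyn|dynamic|static|dhcp|dsl|pool|ppp|cable)([.-]|\d|$)")
HEX_LABELS = re.compile(r"^(?:[0-9a-f]{2,4}\.){2,}")   # e.g. fe.e8.7aae.
NUMBERED_MX = re.compile(r"^(mx|mail|smtp)\d+\.")

def base_domain(name):
    """Naive registrable domain: last two labels (assumption, no PSL lookup)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def host_flags(ip, ptr):
    """Reasons a single PTR name looks like ISP placeholder/dynamic rDNS."""
    name = ptr.lower().rstrip(".")
    labels = re.split(r"[.-]", name)
    flags = set()
    if GENERIC_WORDS.search(name):
        flags.add("generic-keyword")
    if HEX_LABELS.match(name):
        flags.add("hex-encoded-labels")
    # The last two octets of the address appearing as separate labels.
    if all(octet in labels for octet in ip.split(".")[2:]):
        flags.add("ip-octets-in-name")
    return flags

def range_flags(ptrs, total=254):
    """Range-level signals over an {ip: ptr} map for one /24."""
    flags = set()
    domains = Counter(base_domain(p) for p in ptrs.values())
    if len(ptrs) / total > 0.9 and len(domains) == 1:
        flags.add("one-domain-covers-range")
    if sum(1 for p in ptrs.values() if NUMBERED_MX.match(p.lower())) >= 3:
        flags.add("run-of-numbered-mx")
    return flags

# Constructed sample: hostnames are the ones quoted in the thread,
# addresses are from the 192.0.2.0/24 documentation range.
SAMPLE = {
    "192.0.2.10": "fe.e8.7aae.static.theplanet.com",
    "192.0.2.11": "dyn-13847.dns.ma.blah.com",
    "192.0.2.12": "mx1.blah.com",
    "192.0.2.13": "mx2.blah.com",
    "192.0.2.14": "mx3.blah.com",
}

if __name__ == "__main__":
    for ip, ptr in SAMPLE.items():
        print(ip, ptr, sorted(host_flags(ip, ptr)))
    print("range:", sorted(range_flags(SAMPLE)))
```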
Exactly. Senderbase, though it would only show you rDNS for IPs that mailed something within the last month. http://www.senderbase.org/senderbas...arch_string=208.85.16.246/24&which_others=/24 You can review even bigger ranges than /24 if you like.
Most of those I have seen (although I am sure there are more out there) generate pure junk easy to pick off.