RE: [NTISP] Spam Filtering -- Reverse DNS, BrightLight

Paul Kincaid-Smith ( )
Fri, 12 Mar 1999 11:01:30 -0800

Doing a reverse DNS lookup for every SMTP message received will consume a
lot of resources and introduce significant latency to the mail delivery
process. Large ISPs usually can't justify it.

While we're on the spam topic, take a look at Bright Light's interesting
approach to spam detection and prevention:

How is this different? Well, from their product blurb:

The Bright Mail Anti-Spam Service offers the first and only
and cost-effective solution to the growing spam problem for ISPs,
corporations, and individual users. Its unique combination of people
technology can detect junk email, devise countermeasures, and update
before spam reaches user mailboxes. Bright Mail's sophisticated
software keeps email easy to use and reduces hardware and network
operation costs.

The Bright Mail Anti-Spam Service

1. The Probe Network =99 -- A massive array of email addresses across=
Internet that are specifically designed to receive spam. This
early-warning system detects incoming spam and delivers it in real
time to the
Bright Light Operations Center for analysis.

2. The Bright Light Operations Center =99 (BLOC) -- Staffed
with trained engineers, not just computers, to evaluate new spam and
updated rules to the Spam Wall software that resides at each=

3. The Spam Wall =99 -- Sophisticated software that identifies and=
spam and mail bombs based on continually updated countermeasures sent
from the BLOC. Users must "opt in" to have their email routed
through the
Spam Wall.

At 12:29 PM 3/7/99 -0500, you wrote:
>I agree with Kurt on this one. To require reverse DNS is going to deny
>operability to a lot of small shops that are at the mercy of their upstream
>provider to get the DNS right.
>> -----Original Message-----
>> From:
>> []On Behalf Of Kurt A. Butzin
>> Sent: Sunday, March 07, 1999 12:18 PM
>> To:
>> Subject: RE: [NTISP] Spam Filtering
>> I believe that using reverse lookups for e-mail delivery is in
>> violation of
>> the RFC, but I not for sure on it. If so, this is going to cause some
>> resistance to using it in some corporate IS departments.
>> > -----Original Message-----
>> > From:
>> > []On Behalf Of David Payer
>> > Sent: Sunday, March 07, 1999 8:43 AM
>> > To:
>> > Subject: Re: [NTISP] Spam Filtering
>> >
>> >
>> > >As for reverse DNS, the only thing I have seen where it is
>> even remotely
>> > >useful is for companies who use a reverse lookup in conjunction with a
>> > whois
>> > >trace to determine whether or not you are eligible to download a=
>> > >encryption product. And even then, all one needs is a shell
>> > account in the
>> > >U.S. to get around that.
>> > >
>> >
>> > You are correct that those who know how to can easily bypass
>> the issue of
>> > screening against reverse lookups. But my point is this: the MAJORITY=
>> > spam comes from those marketers who want to find a quick way to send=
>> > multiple thousand emails. I did a review of logs for rejected
>> > addresses and
>> > tested many by telnetting back to port 25. Over 95% of those
>> > tested did not
>> > respond on that port. For the more dedicated spammers, the Real Time
>> > Blackhole List filters will be helpful.
>> >
>> > My problem when I do filtering is that some corps use firewalls
>> > and don't do
>> > inverse addressing and then their workers send mail back to their home
>> > account on our service and we reject it due to inverse addressing
>> > filters. I
>> > find that there are administrators who will reject you out of
>> > hand regarding
>> > setting up their network with this one precaution.
>> >
>> > I again assert, if we don't make efforts to stop spam ourselves, we=
>> > have governmental assistance in doing that. This will come with an
>> > accompanying tax to pay for administrating it. Once that mechanism is=
>> > place, the influence will grow (remember: income tax was
>> > originally never to
>> > exceed 3%).
>> >
>> > OK </republican-jargon>
>> >
>> > David Payer
>> >
>> >
>> > For more information about this list, including removal,
>> > see this url:
>> >
>> For more information about this list, including removal,
>> see this url:
>For more information about this list, including removal,
>see this url:

Paul Kincaid-Smith Phone: (805) 523-7760, Inc. Fax: (805) 523-8801
13044 Silver Creek St. E-Mail:
Moorpark, CA 93021 WWW:, Inc. -- The Internet Infrastructure Company (tm)

For more information about this list, including removal,
see this url: