Re: [anti-spam-wg@localhost] Spam-RBL, anyone?
- Date: Fri, 9 Jan 2004 12:40:22 -0500 (EST)
>> anthony@localhost:~> whois -h whois.abuse.net ucd.ie
>> postmaster@localhost (default, no info)
> There's are simple reasons for that.
> First, domain names are not reliable for tracking spam.
> The IP address is a more effective trail to follow.
Interesting. On what do you base that? Personally, I find domain
names significantly more reliable. (Of course, I take the care to
crosscheck the reverse DNS with the fowrard DNS before believing rDNS
> Consequently, I am not convinced of the usefulness of posting contact
> information as you suggest for our domain.
Well, I'd point out that the more places point to the correct abuse
address (for your value of "correct") the better chance that it will
get used. You currently have yours pointed to by whois and RFC2142;
why not add a third pointer?
If I see rDNS naming some domain, crosschecking with the forward DNS, I
usually won't even _look_ at the IP's whois and just go with the
abuse.net address for the domain (especially if it's not defaulted).
The domains (supposedly) indicate who has administrative control, which
isn't always the IP space owner; lots of ISPs carve up their IP space
into little tiny bits and provide rDNS, but don't SWIP every last /29
and /32 (nor am I entirely convinced they should).
> I don't see the value in trying to track which is the current "most
> widely used database", when a well-known authoritative contact
> database is provided by the local RIR.
Neither do I. But I do see value in "oh, here's another contact
database, let's spread the correct abuse address a bit more widely".
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B