Linode Outbreaks: Why PTR Is Important

Today’s report is about Linode, but of course it could be about many different providers. It is a reason why the ability to block emails based on PTR records is important, and it is best done at the SMTP layer, BEFORE you waste the overhead of processing the message. Real email operators will (or are supposed to, according to best practices) change the rDNS to reflect their company, eg; however, hackers and script kiddies who load bulk email programs and hacks onto vulnerable servers usually can’t modify the rDNS itself without triggering alerts or breaking things, and the ability to change rDNS is usually locked down to the system administrator or the upstream provider.

It could be addresses such as *, or it could be generic patterns like those in the recent outbreaks at SoftLayer, eg.

But in today’s case it was the Linode network that was especially active.

[Table: reported Linode addresses, each with a report count and the number of reporting ISPs.]

The second number is the number of ISPs that reported the problem.
This might be a PTR pattern that you want to treat as suspect, or choose to block on your email servers. Real email operators on the Linode network will of course have proper rDNS records and shouldn’t be affected.
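As an added example (not code from the original post), here is how such a PTR-based decision can be made at SMTP connect time, before any message data is accepted: no PTR, a provider-default-looking PTR, or a PTR that does not resolve back to the connecting IP is rejected. The Linode hostname pattern and the DNS lookup tables are assumptions constructed for illustration, not data from the post.

```python
import re

# Constructed PTR patterns that look like provider-assigned defaults rather
# than an operator's own hostname. The Linode form is an assumption.
SUSPECT_PTR_PATTERNS = [
    re.compile(r"^li\d+-\d+\.members\.linode\.com$", re.I),  # assumed Linode default
    re.compile(r"^(?:\d{1,3}[-.]){3}\d{1,3}\."),              # IP octets baked into the name
    re.compile(r"(?:^|\.)(?:static|dynamic|dhcp|pool|cust)[-.\d]", re.I),
]

def classify_ptr(ptr):
    """Return 'none', 'generic' or 'custom' for a PTR hostname."""
    if not ptr:
        return "none"
    if any(p.search(ptr) for p in SUSPECT_PTR_PATTERNS):
        return "generic"
    return "custom"

def forward_confirmed(ip, ptr, resolve_a):
    """FCrDNS check: the PTR name must resolve back to the connecting IP."""
    return ip in resolve_a(ptr)

def connect_policy(ip, resolve_ptr, resolve_a):
    """Decision at SMTP connect time, before DATA is ever processed."""
    ptr = resolve_ptr(ip)
    kind = classify_ptr(ptr)
    if kind == "none":
        return ("reject", "no PTR record")
    if kind == "generic":
        return ("reject", f"generic provider rDNS: {ptr}")
    if not forward_confirmed(ip, ptr, resolve_a):
        return ("reject", f"PTR {ptr} does not resolve back to {ip}")
    return ("accept", ptr)

# Constructed lookup tables standing in for live DNS so the example runs offline.
PTR_TABLE = {
    "192.0.2.10": "li1234-56.members.linode.com",  # constructed, provider-default style
    "192.0.2.20": "mail.example.org",              # constructed, operator-set rDNS
    "192.0.2.30": "mail.example.net",              # constructed, PTR that does not confirm
}
A_TABLE = {
    "li1234-56.members.linode.com": ["192.0.2.10"],
    "mail.example.org": ["192.0.2.20"],
    "mail.example.net": ["198.51.100.7"],
}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, connect_policy(ip, PTR_TABLE.get, lambda h: A_TABLE.get(h, [])))
```

In a real deployment the two lookup callables would be replaced by the resolver, and the pattern list maintained from your own logs as the post suggests.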
