Reverse DNS, SPF, Grey listing, and RBL Guides

Reverse DNS, SPF, Grey listing, and RBL Guides

Aug 31, 2008 11:52 AM by Paul White

Recently I was moving a client from a shared hosting account to a VPS.  Of course this means everything DNS related must be repointed to the new box, and everything must be configured appropriately.  If you run a mail server these are very important.  Failure to properly implement these could result in emails either taking longer to reach your receipents, or even worse, be rejected by the receiving mail server.

Why are they needed?
Over the last decade we have seen an explosion of spam.  In the beginning people were forced to manually delete spam email from their inbox. This has lead to the development of technologies to help filter the spam taking the manual labor out of the equation.  But still spam remains a problem.  Below I list the different ways Mail Servers try to authenticate themselves and protect themselves from spammers.

Reverse DNS
This is controlled by your ISP or hosting company.  The idea is that by only allowing emails from a server with a Reverse DNS you are stopping any spammer using a residential DSL or cable modem connection.  Only real web and mail servers usually have access to create a reverse DNS entry.  A Reverse DNS creates a way to prove that the IP is static.

SPF record
An SPF record is an entry in your domain's DNS that specifies what IPs are allowed to send email on this domain's behalf.  This protects your domain from having people try to send emails from their IPs making it loook like it came from you.  This way the receiving mail servers can do a SPF lookup and check to make sure the Server sending the email is authorized to do so.

RBL lists
These are Databases of IPs that have been used in spamming.  Many mail servers can be configured to check RBL lists to validate the Server trying to send them email does not have a bad history.  Some of the more popular RBL like spamcop are very accurate in their results with few if any false positives.  Some other RBLs are extremely aggressive and may result in a rather high number of false positives.  By setting up your mail server to check an IP's history against one or several RBLs  you can make a huge reduction in spam. 

Grey Listing
Grey Listing in my experience is one of the best ways to reduce spam.  The best way to explain how grey listing works is to compare it to a vegas nightclub.  In Vegas there are two types of patrons to night clubs. The high roller or celebrity, and everyone else.  If you are on the list you get in immediately.  If you aren't on the list you get to wait in a line for several hours, and then you still might not get in.  Grey listing is the same thing.  Here is how it works with mail servers. Your mail server is contacted by another mail server. The other mailserver says I have a message from person@somedomain.com.  Your server checks its whitelist to see if this email address, or if the server sending it is present.  If they aren't, your mail server tells them to try again later.  Essentially telling them to wait in line.  But in this case the line is the que on their mail server and not yours.  if you run a legitimate mail server, this isn't a big deal, because you have plenty of memory to allow a few messages sit in the que before trying again.  If you are running a massive spam campaign, you can't afford to have a million messages sitting in the que as this could eat up all your server's resources and crash your server.  So many spammers will just delete your email from the que if it sits there for too long.  The other advantages to grey listing is each time they come back your server will check to see if they are on any RBL lists.  If the server sending the message in the last 15 minutes has been detected by some RBL lists as a spam server. You will be able to identify this and tell them to get lost.  So essentially by making spammers wait, you deter them from trying to get into your night club.  The disadvantage is good emails that haven't been whitelisted have to wait in line for a while ( usually 15 minutes ) before they make it into your inbox. 
Readers Comments

No Comments have been submited.
 
Leave a Comment
Your email will not be displayed or published.
Upon submitting your comment you will get a confirmation email.
Please keep comments relavent to the topic at hand.
name
Email
Website (optional)
Comment
 
Type Code