spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dianne Skoll <...@roaringpenguin.com>
Subject Re: TTL on DNS records (was Re: understanding HELO_DYNAMIC_IPADDR)
Date Mon, 16 May 2016 11:10:19 GMT
On Mon, 16 May 2016 09:12:54 +0200
Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:

> short ttl's are more likely on abusers' DNS. good for refusing
> delisting.

I would love to see data on the correlation.  I think it's pretty
mild.  A few random tests on consumer cable IPs reveals TTLs for the
reverse DNS ranging from a couple of hours to a day.  For example,
24.34.32.22 => c-24-34-32-22.hsd1.ma.comcast.net. has a TTL of two
hours while 24.44.32.22 => ool-182c2016.dyn.optonline.net. has a TTL
of a day.

The reverse-DNS of our server, roaringpenguin.com, which we do not
control has a TTL of only one hour:

70.38.112.54 => roaringpenguin.com

but the A record going the other way has a TTL of 86400.

Regards,

Dianne.

Mime
View raw message