spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Cole" <sausers-20150...@billmail.scconsult.com>
Subject Re: TTL on DNS records (was Re: understanding HELO_DYNAMIC_IPADDR)
Date Mon, 16 May 2016 00:26:03 GMT
On 15 May 2016, at 9:51, Dianne Skoll wrote:

> On Sun, 15 May 2016 13:25:34 +0200
> Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
>
>> Note that the TTL is 3600 for both reverse and forward records.
>> There are blacklists that won'd delist your IP if your TTL is this
>> short, e.g. sorbs requirs at least 14400.

According to http://www.sorbs.net/delisting/dul.shtml:

    Also, the Times to Live of the PTR records need to be 43200
    seconds or more. This is an arbitrary limit chosen by SORBS.

> What, really?  What's the rationale for that requirement?  That a 
> short
> TTL is "too dynamic"?
>
> That seems a little aggressive, IMO.

It's also VERY unevenly enforced. Amazon SES and Office365/Outlook.com 
outbounds emit substantial spam, have names that embed their last 1 or 2 
octets, and PTR TTL's of 900 and 3600 respectively. The MS sewer outlets 
HELO with names that resolve to IPs other than those they actually use, 
and the PTR on the IPs used typically resolve to a names with a zero 
TTL. SORBS will list these as spam sources but not as dynamic, so 
there's clearly some subjective judgment in use.

Mime
View raw message