Generic rDNS

Generic rDNS refers to a sequential name pattern applied to a large set of IPs in a datacenter or ISP. The generic rDNS is set as soon as the ISP receives the IP block, long before each IP is allocated to a real machine. Generic rDNS is therefore a name given to an IP address, not a name given to a host.

Examples of generic rDNS

Generic rDNS usually follows a pattern like “123-45-67-8.your.isp.com”, where the name is simply the address written with dashes. It can also follow other conventions, such as “ip54575b80.your.isp.com” (the address encoded in hexadecimal) or “unknown-1526.your.isp.com” (a placeholder word plus a counter). Note that the defining characteristic of a generic rDNS is a sequential or pseudo-random string applied to a large set of IPs.

There are also cases where a single name is used for a large set of IPs, such as “generic.your.isp.com” or “not-assigned.your.isp.com”. These cases are also considered generic rDNS, even though there is no sequential pattern in the name.
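
The following is an added example (not code from the original page) that turns the three shapes above into a checker: it flags a PTR name that embeds the address's own octets, one that embeds the address in hexadecimal, and one whose first label is a placeholder word. The sample IP/name pairs are constructed to mirror the article's examples and are not real hosts; the placeholder word list is an assumption you should extend for your own environment.

```python
import ipaddress
import re

# Constructed sample (IP, PTR name) pairs modelled on the patterns in the
# article; none of these are real hosts. The last two are non-generic mail
# hostnames included for contrast.
SAMPLES = [
    ("123.45.67.8",  "123-45-67-8.your.isp.com"),
    ("84.87.91.128", "ip54575b80.your.isp.com"),   # 54.57.5b.80 in hex = 84.87.91.128
    ("10.20.30.40",  "unknown-1526.your.isp.com"),
    ("10.20.30.41",  "generic.your.isp.com"),
    ("10.20.30.42",  "not-assigned.your.isp.com"),
    ("203.0.113.25", "mail.mydomain.tld"),
    ("198.51.100.7", "mx1.example.net"),
]

# Placeholder words often used in ISP-assigned names. This list is an
# assumption, not taken from any DNSBL; extend it for your own environment.
PLACEHOLDER_WORDS = {
    "generic", "unknown", "unassigned", "not-assigned", "unused",
    "dynamic", "dyn", "dhcp", "pool", "static", "customer", "cust",
}


def embeds_decimal_ip(ip, name):
    """True if the four octets appear in the name, forward or reversed,
    separated by '-' or '.', optionally zero-padded (e.g. 123-45-67-8)."""
    octets = str(ip).split(".")
    for order in (octets, octets[::-1]):
        pattern = r"(?<![0-9])" + r"[-.]".join(r"0*" + o for o in order) + r"(?![0-9])"
        if re.search(pattern, name):
            return True
    return False


def embeds_hex_ip(ip, name):
    """True if the address, written as packed hex, appears in the name
    (e.g. ip54575b80 for 84.87.91.128)."""
    return ip.packed.hex() in name


def has_placeholder_label(name):
    """True if the first label is a placeholder word, ignoring a trailing
    numeric suffix so that 'unknown-1526' still matches 'unknown'."""
    first = name.split(".")[0]
    stem = re.sub(r"[-_]?[0-9]+$", "", first)
    return stem in PLACEHOLDER_WORDS


def classify_rdns(ip_str, ptr_name):
    """Return a reason string if the PTR name looks generic, else None."""
    ip = ipaddress.ip_address(ip_str)
    name = ptr_name.rstrip(".").lower()
    if ip.version == 4 and embeds_decimal_ip(ip, name):
        return "decimal-ip"
    if embeds_hex_ip(ip, name):
        return "hex-ip"
    if has_placeholder_label(name):
        return "placeholder"
    return None


if __name__ == "__main__":
    for ip_str, ptr in SAMPLES:
        verdict = classify_rdns(ip_str, ptr) or "looks like a real hostname"
        print(f"{ip_str:<14} {ptr:<28} {verdict}")
```

The decimal check accepts reversed octet order and zero padding because both are common in ISP naming; the hex check relies on the fact that a generic hex name is just the packed address, so decoding it recovers the IP exactly.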

Generic rDNS on email servers

Although no standard forbids it, generic rDNS should be avoided on e-mail servers.

The vast majority of IPs with generic rDNS are allocated to machines that are not intended to provide e-mail service. These machines may also have vulnerabilities that let malicious programs hijack them. Once hijacked, a machine can be made to send spam or malware. For this to be possible, the ISP only has to leave port 25 open, even when no official e-mail service uses that IP.

Many DNSBLs preemptively list IPs that have generic rDNS, to forestall future attacks from hijacked machines using those IPs. Other DNSBLs list IPs with generic rDNS only in combination with other triggers. For example, if a low volume of malware is detected from a certain IP, it may be listed outright if it has generic rDNS, whereas the same IP might only be put into warning mode if its rDNS is not generic. That is, a generic rDNS lowers the volume of abuse tolerated from an IP before it is listed.

If your e-mail server is using a generic rDNS, ask your ISP to change it to the real hostname of the machine, under your own domain, for example “mail.mydomain.tld”. Make sure that name also resolves forward to the same IP (forward-confirmed rDNS), since many receivers check both directions. This simple change reduces the likelihood of your IP being listed.
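
As an added example (not part of the original page), the check below verifies what a receiver would look for after the ISP change: the PTR for the server's IP is a hostname under your own domain, it does not merely encode the address, and the hostname resolves back to the same IP. The system-resolver functions are for real use; the miniature zone at the bottom is constructed so the check can be demonstrated offline, and the "mydomain.tld" and 203.0.113.0/24 names and addresses are placeholders, not real hosts.

```python
import socket


def system_ptr_lookup(ip):
    """PTR lookup via the system resolver; None if there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def system_address_lookup(name):
    """All addresses the forward record(s) for name resolve to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()


def check_mail_rdns(ip, own_domain, ptr_lookup=system_ptr_lookup,
                    address_lookup=system_address_lookup):
    """Return (ok, findings). ok is True only when the PTR for ip is a
    hostname under own_domain, does not embed the address itself, and
    resolves forward to the same ip (forward-confirmed rDNS)."""
    findings = []
    name = ptr_lookup(ip)
    if not name:
        return False, ["no PTR record for " + ip]
    name = name.rstrip(".").lower()
    own_domain = own_domain.rstrip(".").lower()

    if name != own_domain and not name.endswith("." + own_domain):
        findings.append(f"PTR {name} is not under {own_domain}")

    # Cheap generic-name indicator: the name encodes the address itself.
    if ip.replace(".", "-") in name or ip in name:
        findings.append(f"PTR {name} embeds the address; looks generic")

    if ip not in address_lookup(name):
        findings.append(f"{name} does not resolve back to {ip} (no FCrDNS)")

    return not findings, findings


# Constructed miniature zone so the check can be demonstrated offline;
# the 203.0.113.0/24 addresses are documentation space, not real hosts.
FAKE_PTR = {
    "203.0.113.25": "mail.mydomain.tld.",
    "203.0.113.26": "203-0-113-26.your.isp.com.",
    "203.0.113.27": "mail.mydomain.tld.",   # PTR changed, forward record not updated
}
FAKE_A = {
    "mail.mydomain.tld": {"203.0.113.25"},
    "203-0-113-26.your.isp.com": {"203.0.113.26"},
}


def check_fake(ip, own_domain="mydomain.tld"):
    """Run check_mail_rdns against the constructed zone instead of real DNS."""
    return check_mail_rdns(ip, own_domain, FAKE_PTR.get,
                           lambda n: FAKE_A.get(n, set()))


if __name__ == "__main__":
    for ip in ("203.0.113.25", "203.0.113.26", "203.0.113.27", "203.0.113.28"):
        ok, findings = check_fake(ip)
        print(ip, "OK" if ok else "; ".join(findings))
```

To check a real server, call check_mail_rdns("your.server.ip", "mydomain.tld") with the default resolver arguments. The .27 case in the fake zone is the common mistake: the ISP updates the PTR, but nobody adds the matching A record, so the name is in your domain yet still fails forward confirmation.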

External links

http://www.spamcannibal.org/statsgeneric.html
http://www.abuseat.org/generic.html

Leandro Carlos Rodrigues

Bachelor of Computer Science from FEI