×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ask Slashdot: Is Reverse DNS a Worthy Standard For Fighting Spam?

timothy posted more than 2 years ago | from the who-the-heck-are-you? dept.

Spam 301

drmartin66 makes it to the front page with this question: "Last weekend I installed a new spam filter server for a client, and enabled connection rejection if the sending server did not have a Reverse DNS record. Since then, I have had a number of emails rejected from regulator bodies that do not have a Reverse DNS record, and are refusing to have one created for their email server. What is your opinion of Reverse DNS records? Are they (or should they be) a standard, and required? Or are they useless for spam fighting?"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

301 comments

rDNS (5, Insightful)

alphatel (1450715) | more than 2 years ago | (#37703576)

Like all things spam, marking the message as bad automatically is generally discouraged. If you simply increase the SCL value by some reasonable number, and continue to raise SCL based on other soft violations (like spamhaus, surbl, etc), you will rarely put good senders in the junk email folder, and very frequently be able to reject most spam content.

Re:rDNS (1, Troll)

SmurfButcher Bob (313810) | more than 2 years ago | (#37704020)

Yep, rDNS works really well until your DNS goes tits up, or until MY DNS goes tits up, or until Pakistan accidentally BGPs something that makes you unable to resolve the query... again.

If the email you receive is anecdotal crap, it won't be a big deal. If the email you receive is of merit, then this test makes an unreliable protocol even worse.

Re:rDNS (1)

mellon (7048) | more than 2 years ago | (#37704222)

Yup, I tried this for a while years ago and lost a lot of good mail. Recently when my server on a rack in California died and I couldn't get to it for a couple of weeks, I set up a backup server on my home connection (which is Comcast Business, so they don't filter port 25, but I don't have an rDNS set up). Not a single message I sent was bounced. So I conclude that not only is it the case that this isn't an effective tactic, it's also not a technique that anybody uses, for some reasonable value of "anybody."

They are not completely useless, just mostly so (1)

Anonymous Coward | more than 2 years ago | (#37703578)

Yes, it may cut down on the "infected" PC spam that hits a mail server, but all it will do is drive that traffic to the numerous spam farms that are opening operating on ISPs

Absolutely required. (1)

jonpublic (676412) | more than 2 years ago | (#37703606)

Yes. Absolutely. It works.

Re:Absolutely required. (0)

Anonymous Coward | more than 2 years ago | (#37703692)

In a few minutes, any chucklehead with a credit card number can spin off some cloud instances from any one of several providers and - surprise - set the reverse DNS records to anything they desire.

Re:Absolutely required. (1)

mpb (41407) | more than 2 years ago | (#37703842)

Absolutely agree. Simple and efficient way to block one spam injection method.

Re:Absolutely required. (1)

muon-catalyzed (2483394) | more than 2 years ago | (#37703910)

> Yes. Absolutely. It works.
No it doesn't. You lose/drop about half of emails. The problem is that not always email and web server match. For example if you are using a cloud hoster for email, then your email sender's IP will resolve to the cloud server instead of your own domain server (@yourdomain.com) and RDNS check will then reject your email.

Re:Absolutely required. (2)

omnichad (1198475) | more than 2 years ago | (#37704220)

That's not how the reverse DNS check works. When your SMTP server connects to another computer, it announces itself with a HELO. That HELO should resolve to that server's IP address. The reverse DNS of that IP address should be the same DNS name given in the HELO. This has nothing to do with using a different outgoing vs. incoming server or anything in your SPF records.

Probably useless (2)

Anrego (830717) | more than 2 years ago | (#37703608)

In all but the most closed groups, having a system that generates lots of false positives is in most cases going to be a bad move in my opinion.

Re:Probably useless (2)

donrich39 (723851) | more than 2 years ago | (#37703944)

Mostly useless because the NSGA (National Spam Growers Association) spends untold millions of $'s lobbying congress to not pass any laws requiring revers DNS.

Better Question... (4, Insightful)

RedACE7500 (904963) | more than 2 years ago | (#37703624)

What reason would anyone have to be running an SMTP server without a PTR record?

Re:Better Question... (1, Informative)

Anonymous Coward | more than 2 years ago | (#37703704)

Because many small business have no control over DNS. Try calling the Mumbai office of ATT and getting them to even understand what you are talking about. I have seen some SMTP server reject mail if the PTR does not exactly match the name of the server.

Get another one, then. (3, Informative)

khasim (1285) | more than 2 years ago | (#37704078)

If email is important to your organization then the cost of a correctly configured mail server is insignificant.

Seriously, your email server can be anywhere in the world. There's no reason that you have to go through a specific ISP. Even if they're blocking port 25, you can get a different ISP to accept mail from you on a different port. Even Google offers that option.

Re:Better Question... (0)

Anonymous Coward | more than 2 years ago | (#37703740)

Remember, the majority of legitimate systems are not run by professionals. They are run by someone who had some IT related training somewhere and was made the mail administrator because they could kind of sort of make it work. Spammers on the other hand tend to have more detailed technical knowledge. This isn't a good thing, but it is the way things are and will continue to be so as long as companies continue to try and get things done with fewer resources than they really would like to have. And don't worry, it isn't anything against techies, the majority of the people doing marketing don't have a good education in marketing either, and the majority of sales people learned on the job from another non-trained sales person, and and and... So we can whine about how people ought to do things all we want, but the reality of it is that it is more important to figure out how to make it work for and with those who are barely able to get and keep their system running.

Re:Better Question... (1)

afidel (530433) | more than 2 years ago | (#37703980)

We significantly increase the spam score for no reverse DNS, if a business partner has incapable IT we just whitelist their domain. This works for fighting the 99.99% of messages from hosts without a proper rDNS while allowing us to make exceptions for legitimate traffic which is in general the best way to approach spam fighting.

Re:Better Question... (0)

tibit (1762298) | more than 2 years ago | (#37704168)

Reverse DNS costs good money: you need an IP delegation, typically. Many ISPs will charge you extra on top of what IANA or wtfever charges for that. It's hard to justify, for a small business, spending $1.5k+ on something that will prevent maybe 5 outbound emails a month from being misclassified...

Re:Better Question... (3, Informative)

omnichad (1198475) | more than 2 years ago | (#37704236)

You don't need IP delegation. Most ISP's offering business class Internet will just set the reverse DNS records up for you on your static IP address. Yes, you have to get in touch with their support, and yes, you have to get a rep that knows what you're talking about - but there's typically not even an extra charge.

Re:Better Question... (2)

Entrope (68843) | more than 2 years ago | (#37703778)

A lot of small organizations have ISPs (or just service plans) that will not let them choose RDNS records. They would have to outsource their mail services to send outbound mail through a computer with a valid RDNS record.

Re:Better Question... (2)

RedACE7500 (904963) | more than 2 years ago | (#37703858)

You don't have to choose the record. The ISP just has to ensure that the PTR for an IP resolves to a name, and the A for that name resolves to the original IP. The name can be completely up to them and doesn't even need to reflect the domain for which you're sending mail. However it should avoid using a name that makes it appear to be a dynamic IP, which some receivers may penalize you for.

Re:Better Question... (1)

Entrope (68843) | more than 2 years ago | (#37703962)

In practice, that doesn't help much. Before switching to my current Internet connection, I had business-class cable modem service because that was required to get a static IP address from that ISP. My IP address had a PTR record with a non-resolving hostname (which looked a fair bit like a dynamic address, in spite of being static). When I tried to call the ISP about it, I got a bunch of confused tech support people who could never figure out who could fix the PTR.

Re:Better Question... (1)

RedACE7500 (904963) | more than 2 years ago | (#37704026)

You gave an example of a broken setup to demonstrate how a working setup doesn't help much?

Re:Better Question... (1)

Entrope (68843) | more than 2 years ago | (#37704056)

No, I gave an example of a broken setup to demonstrate that a lot of small organizations (who still pay for business-class service that should work properly) cannot always get valid reverse DNS records for their mail servers. Clear enough now?

Re:Better Question... (4, Interesting)

Anon-Admin (443764) | more than 2 years ago | (#37704084)

I hate to say it but you have way too high of an expectation of ISP's

I have a static address on a business account via a major ISP. I have a Domain name and have DNS. My DNS resolves to www.mycompany.com but the ISP has the PTR set to 111.222.333.444.static.ISPDOMAIN.COM

They will not change it no matter what I ask and E-mail from my domain through my e-mail server is rejected because the PTR does not match the A record. It has gotten so bad that I had to pay for a mail relay host to push my mail through. To me, this is a risk because they (The relay) could intercept, monitor, or filter the private e-mail between me and my customers which would directly effect my business.

So, personally I say it is a bad idea!

Re:Better Question... (2)

snsh (968808) | more than 2 years ago | (#37704028)

Those same ISP's which do not support rDNS for customers typically host a well-configured SMTP server which customers can use as a smarthost. So, you configure your SMTP server to relay mail through your ISP's SMTP server.

This solves the rDNS problem.

Re:Better Question... (1)

Enry (630) | more than 2 years ago | (#37703824)

Maybe they're hosting multiple e-mail domains from the same site? (I do).

Re:Better Question... (1)

imemyself (757318) | more than 2 years ago | (#37703874)

Reverse DNS doesn't have to match the domain that they are sending mail from. It should just match the name that the mail server is presenting when it does a HELO. There should also be an A record out there for that hostname pointing to the IP.

Re:Better Question... (1)

Qzukk (229616) | more than 2 years ago | (#37703894)

I've got a PTR record for mine, but my DNS server isn't authoritative for the colo's netblock, so nobody will ever ask for it.

Re:Better Question... (1)

Megane (129182) | more than 2 years ago | (#37704280)

The reason is because the PTR record basically depends on the provider of the IP address space, and their cluefulness and willingness to maintain PTR records. You either have to have them add your PTR record to their authoritative in-addr.arpa DNS server, or get them to assign authority to your own DNS server. The latter is (AFAIK) difficult because you can't do binary masks on decimal numbers in zone files, so if you have a zone that isn't a /24 (or /16), your ISP has to about the same amount of work as if they were doing it for you. And some providers are too clueless to set up PTR records at all, period.

In my case, I run a web server, e-mail, and authoritative DNS from my fixed-IP DSL at home. (I do have PTR records, but nobody would know to use my DNS server for in-addr.arpa.) Because I understand this and other problems, I have my mail server send outbound mail up to my ISP's outbound mail server. And then I send outbound mail from my laptop to the ISP's server anyhow, because the ISP supports a username/password, so I can still send mail when not at home without setting up my server as an open relay or setting it up for authentication (or having to change my e-mail client configuration). In extreme cases, I can SSH tunnel to my home system and send mail out that way, but I haven't done that in a long time.

So it requires a combination of an IP provider who is either clueless ("regulator bodies"? Government is a fine source of cluelessness), unwilling, or too much trouble to work with, plus the sender not having (or more likely not knowing to use) an upstream e-mail server.

Re:Better Question... (2)

mellon (7048) | more than 2 years ago | (#37704306)

Lack of access to the reverse DNS tree, or else running multiple domains on the same server. Reverse DNS is not guaranteed to be correct, and is not useful for filtering spam; its highest use is in troubleshooting, because a human being is using it, and can evaluate how meaningful the data there is.

Good idea, but too much trouble in the real world (1)

Anonymous Coward | more than 2 years ago | (#37703632)

We (~10K users, ~1.5M incoming emails a month) used to do this, but there was a constant stream of complaints from users due to email bouncing from organisations that refused to set up the records. It got worse every year too. So we gave up and went for a commercial software solution for a while, and eventually outsourced our mailfiltering completely to a hosted solution. I would NEVER do filtering in-house again, unless for a very small number of technically literate users.

Bob.

Re:Good idea, but too much trouble in the real wor (1)

Lumpy (12016) | more than 2 years ago | (#37703736)

You got it. Today, unless you have a dedicated Email server guy it's retarded to run an Exchange server in house. Outside companies do it better and when the Company Fiber goes down YET AGAIN (Thanks AT&T) you dont lose 24 hours of emails, we actually lost 72 hours worth as AT&T decided that working over the weekend was not important.

Re:Good idea, but too much trouble in the real wor (2)

RedACE7500 (904963) | more than 2 years ago | (#37703890)

For short term outages, sending servers will queue messages and try again later. You can avoid long term outages like this one by having redundant Internet connections from different providers.

Re:Good idea, but too much trouble in the real wor (2)

chill (34294) | more than 2 years ago | (#37703892)

Uhh...not to nitpick, but that is what backup MX servers [wikipedia.org] are for. When your primary server is not available, mail is delivered to one of the others. If your e-mail is that critical then you need to have a store-and-forward server somewhere else, just in case your link goes down.

There are lots of services that provide this, if you don't want to do it yourself. But setting up a simple store-and-forward server isn't all that complicated and doesn't need a full Exchange deployment.

Re:Good idea, but too much trouble in the real wor (1)

Lumpy (12016) | more than 2 years ago | (#37703936)

Sounds like a plan, care to explain that to the CTO? I tried several times and was told that it is a "zero payback expense"

Re:Good idea, but too much trouble in the real wor (1)

hedwards (940851) | more than 2 years ago | (#37704112)

Sounds like a good reason to go job hunting before getting fired for his incompetence.

Re:Good idea, but too much trouble in the real wor (1)

blane.bramble (133160) | more than 2 years ago | (#37704164)

Simple. Ask him if any of the email sent or received has value to the company. If the answer is "Yes", ask if he insures his car/home/dog. When he says yes point out the backup MX cost is insurance against the value of the email. If he says "No", point down you can save more money by closing down all email. Then go back to the first question, or close it down and get out of there.

Re:Good idea, but too much trouble in the real wor (1)

max99ted (192208) | more than 2 years ago | (#37704218)

We pay our ISP to provide 'queue service' in the event our connection/Exchange box goes down. When 'selling' this service to the bosses I put it this way - How much will it cost the firm to not only be without email during an outage, but to lose all emails sent to the firm during that time period?

I feel your frustration though... IT is often seen as a 'zero payback expense'.

Re:Good idea, but too much trouble in the real wor (1)

operagost (62405) | more than 2 years ago | (#37703984)

Besides, since when did every MTA stop following the SMTP RFC that says you MUST not discard the message until delivery has failed for over 72 hours? Even if your server was down over a weekend, you should still have 24 hours to get it back up without losing any mail.

Spammers can choose to use reverse DNS (0)

Anonymous Coward | more than 2 years ago | (#37703634)

Spammers can choose to use reverse DNS, many of the people you really want email from can't. All reverse DNS does is create more frustration for legitimate users.

Indicative only (2)

Some Bitch (645438) | more than 2 years ago | (#37703640)

As with most spam fighting metrics it's up to you. Mail from a server without reverse DNS that doesn't trigger any of your other flags generally shouldn't be treated as spam if you care about false positives, if it's borderline then maybe the lack of reverse DNS will be enough to justify tagging it as spam. The decision of how heavily to weight the lack of reverse DNS is yours, personally I don't give it much weight but it does add a little to the score. Some people go hardcore and reject anything that doesn't have come from a machine with reverse DNS, they accept the significant false positive rate usually for idealogical reasons (while I like a properly configured system I'm not going to bite my nose off to spite my face).

Useless (0)

Anonymous Coward | more than 2 years ago | (#37703642)

Since an ip can map to multiple domains

Re:Useless (0)

Anonymous Coward | more than 2 years ago | (#37703838)

I'd like to officially nominate this for the dumbest Slashdot comment of the day. I know it's a very tough competition, but the perfect combination of arrogance and absolute cluelessness while using only a few simple words really showed that this particular AC has truly risen above the rest of the field.

It is just a part (1)

51M02 (165179) | more than 2 years ago | (#37703676)

I've set up a few mail relay and spam filtering server and I can tell you it helps a lot to reduce the number of spam arriving to them.

I am a Postfix kind of admin (hell with sendmail!) and I know you can set some filter just before the reverse DNS check to accept the connection if it comes from a particular host/IP address, bypassing the reverse DNS check. Or you could add that reverse DNS to your local/client DNS server but it seems not that a good solution.

Anyway following standards is always the best solution.

Useful (2)

discordia666 (940470) | more than 2 years ago | (#37703682)

If your email server does not have rDNS records then it's very likely half your mail is not getting delivered. aol.com, gmail, hotmail, etc all require rDNS.

Blocking on invalid rDNS, invalid or missing A records and not following proper smtp protocol is helpful on a email gateway. However, if you are a relay for clients you'll have problems.

Reverse DNS not always possible to setup (0)

Anonymous Coward | more than 2 years ago | (#37703696)

Unless you are one of the lucky few who have a full class address space, you are stuck with the will of the ISP to either setup reverse entries for you or to delegate resolution to you. Alphatel has it right. Use it if you choose, and grade along with other tests.

It is possible in all the situations that matter. (1)

pavon (30274) | more than 2 years ago | (#37703956)

Unless you are one of the lucky few who have a full class address space, you are stuck with the will of the ISP to either setup reverse entries for you or to delegate resolution to you. Alphatel has it right. Use it if you choose, and grade along with other tests.

Any ISP will setup rDNS entries if you have a business account. The only time this is an issue is if you are trying to run a server from a home account. Most of the ISPs I have used or looked into prohibited running servers with a consumer account. Those that didn't were also happy to provide a rDNS entry if you paid for a static IP.

Trying to run a server when your ISP is opposed to you doing so is inherently problematic, rDNS just being one of your many concerns. It is fine for experimenting and learning, but not for servers that do anything important. The only excuse for a business or government agency not having a rDNS entry is incompetence.

The real question is how tolerant should you be of the incompetent, and from a business point of view the unfortunate answer is "very tolerant".

Just deny DSL / Cable IPs (1)

GPLHost-Thomas (1330431) | more than 2 years ago | (#37703698)

Denying all wrong rDNS is a bit harsh, however, denying what's a DSL and the rDNS declaring as such is a good idea. I've yet found very very few cases where it was an issue. For such case, just white-list the entry your customer is complaining about. Here's how to do with postfix:

smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated,
check_client_access regexp:/etc/postfix/maps/relaying_stoplist,
permit

And here's the content of my /etc/postfix/maps/relaying_stoplist

/^dsl.*\..*/i 553 AUTO_DSL We aren't accept direct connection not from dedicated SMTP servers. Please use your internet provider SMTP Server. -dsl-
#/.*\.dsl\..*/i 553 AUTO_DSL2 We aren't accept direct connection not from dedicated SMTP servers. Please use your internet provider SMTP Server.
/[a|x]dsl.*\..*\..*/i 553 AUTO_[A|X]DSL We aren't accept direct connection not from dedicated SMTP servers. Please use your internet provider SMTP Server.
#/client.*\..*\..*/i 553 AUTO_CLIENT We aren't accept direct connection not from dedicated SMTP servers. Please use your internet provider SMTP Server.
/cable.*\..*\..*/i 553 AUTO_CABLE We aren't accept direct connection not from dedicated SMTP servers. Please use your internet provider SMTP Server.
#/pool\..*/i 553 AUTO_POOL We aren't accept direct connection not from dedicated SMTP servers. Please use your internet provider SMTP Server.
/.*dial(\.|-).*\..*\..*/i 553 AUTO_DIAL We aren't accept direct connection not from dedicated SMTP servers. Please use your internet provider SMTP Server.
/ppp.*\..*/i 553 AUTO_PPP We aren't accept direct connection not from dedicated SMTP servers. Please use your internet provider SMTP Server.
/dslam.*\..*\..*/i 553 AUTO_DSLAM We aren't accept direct connection not from dedicated SMTP servers. Please use your internet provider SMTP Server.
/dslb.*\..*\..*/i 553 AUTO_DSLB We aren't accept direct connection not from dedicated SMTP servers. Please use your internet provider SMTP Server.
/dynamicIP.*\..*\..*/i 553 AUTO_ABO We aren't accept direct connection not from dedicated SMTP servers. Please use your internet provider SMTP Server.
#/dynamic.*\..*\..*/i 553 AUTO_ABO We aren't accept direct connection not from dedicated SMTP servers. Please use your internet provider SMTP Server.
#/staticIP.*\..*\..*/i 553 AUTO_ABO We aren't accept direct connection not from dedicated SMTP servers. Please use your internet provider SMTP Server.
#/dip.*\..*\..*/i 553 AUTO_ABO We aren't accept direct connection not from dedicated SMTP servers. Please use your internet provider SMTP Server.
/fbx.*\..*\..*/i 553 AUTO_fbx We aren't accept direct connection not from dedicated SMTP servers. Please use your internet provider SMTP Server.
/abo.*\..*\..*/i 553 AUTO_ABO We aren't accept direct connection not from dedicated SMTP servers. Please use your internet provider SMTP Server.
/socal.res.*\..*\..*/i 553 AUTO_REV We aren't accept direct connection not from dedicated SMTP servers. Please use your internet provider SMTP Server.
/.dhcp.*\..*\..*/i 553 AUTO_dhcp We aren't accept direct connection not from dedicated SMTP servers. Please use your internet provider SMTP Server.

Re:Just deny DSL / Cable IPs (1)

Anonymous Coward | more than 2 years ago | (#37703760)

Your messsages aren't English. Change "aren't" to "don't", "connection" to "connections", and "provider" to "provider's".

Re:Just deny DSL / Cable IPs (1)

amicusNYCL (1538833) | more than 2 years ago | (#37703814)

Human-readable error messages may also be a good idea. Surely you can do better than "We aren't accept direct connection not from dedicated SMTP servers."

Re:Just deny DSL / Cable IPs (2)

rickb928 (945187) | more than 2 years ago | (#37703928)

Magnificent. Seriously, giving back retarded English is a stoke of genius, and I'm not being sarcastic. Real admins will chuckle, jerks and asshats will flame you (and now you know to add them to your deny), and machines aren't reading it anyways, you had them at 553.

I think there's a recipe out there to automate dropping the connections after a set number of tries and rejects. For my denies, I just ignore the connection and let them timeout. This seems to trigger a lot of spammers to stop wasting time connecting since it hangs them a lot longer than an error response, and maybe sometimes looks like my server is hosed, so they write me off as gone.

Rreally, I love it. Haiku would be overkill. Maybe you should have used 'form' instead to complete the effect.

Re:Just deny DSL / Cable IPs (1)

nedlohs (1335013) | more than 2 years ago | (#37704270)

So I shouldn't have used the strabo.mydomain.com as the outgoing SMTP server. And pytheas.mydomain.com was available too, god damn it!
 

Depends on how badly you want mail.... (2)

Above (100351) | more than 2 years ago | (#37703700)

It is possible to configure your mailer to require all sorts of things, like rDNS. If you configure all of them you will get almost no spam, but you'll also not get 50% of your legitimate e-mail. Perhaps that's ok with you, you're willing to only talk to the "clueful".

Most people though want to get mail. The old Internet axiom "Be conservative with what you send, be liberal with what you accept" applies. WIth spam fighting this generally means use every mechanism at your disposal (including rDNS existence, or matching with forward DNS); but use it only to affect the score of a message. That way the guy who doesn't have rDNS right, but does everything else right will still get through.

Re:Depends on how badly you want mail.... (0)

Anonymous Coward | more than 2 years ago | (#37704200)

Most shared web hosting sites will not have a reverse entry for Email. The hosting provider hosts multiple sites from one or a small number of real IP addresses. The forward works for getting Email to a destination. A reverse DNS entry, however, will point to the web hosting provider and not match the FQDN provided for a forward DNS lookup. This is a very common scenario.

Re:Depends on how badly you want mail.... (5, Informative)

Just Some Guy (3352) | more than 2 years ago | (#37704268)

It's been a long time since I wrote up some spam-filtering instructions [freesoftwaremagazine.com], but I'd still stand by most of my recommendations. In general, yes: just increase the spam score. I do have several litmus tests, though. If you fail one of these, I'm not accepting your mail:

  • Your HELO has to send something that actually looks like a hostname. "server" doesn't work, and neither does "5626^^^". Rationale: a server this badly misconfigured is either a spambot or so horribly broken that I don't want to talk to it. I look at the output of this rule from my logs and I've literally never seen anything blocked that looked like it might have been legitimate.
  • Don't send me my own hostname in the HELO. You're lying. The only reason to do this is to trick me into relaying for you.
  • Don't send mail From: an unresolvable address. "someone@server" isn't a legitimate email address. Neither is "joe@nonexistent.example.com". If it would be impossible to send you a reply because the address you've given can't possibly be valid, I don't need to hear from you.
  • I use zen.spamhaus.org, bl.spamcop.net, and b.barracudacentral.org to generate a likely spam score for incoming servers. If their combined score exceeds a certain threshold, I outright block email from that server. A server might accidentally end up on a blacklist, but it's unlikely that one would accidentally end up on more than one of those (in my opinion and experience) very conservative lists.

"Be liberal with what you accept" is a great idea to a point, but there are some things that correlate very strongly with spamminess. Back to the subject at hand: I don't think that lack of reverse DNS is one of those things.

From the other side (2)

snsh (968808) | more than 2 years ago | (#37703710)

In an organization operating a mailserver without a PTR record for their SMTP, the users should be having so much difficulty sending outbound mail that they know something is wrong. I know this from experience, having set up an SMTP without reverse DNS, and then observing that half my test messages bounced back.

Re:From the other side (1)

Muerte2 (121747) | more than 2 years ago | (#37704258)

Agreed! Lots of servers on the net will require this, so the sending server will have a hard time getting mail to ANYWHERE.

Yes.....and no. (0)

Anonymous Coward | more than 2 years ago | (#37703714)

I run a pretty decent volume mail platform (80k mailboxes, 2.5M attempted messages/day) and when I first inherited it we required reverse DNS records. It seemed great, it demonstrably cut spam volume, and it really screwed a lot of our customers on a semi-regular basis. Unfortunately lots of legitimate mail senders simply don't have access to proper reverse dns, maybe because their ISP won't delegate or maybe because they're barely technically literate and too small to hire a competent consultant.

Bottom line I found was there are better ways to get the same results without having all the collateral damage. For a personal mail server I might still have the requirement, but the instant people are depending on my platform for their email I'm going to go with the stuff that doesn't have such strong downsides.

rDNS bad (1)

JeffSh (71237) | more than 2 years ago | (#37703718)

Many email servers do not have rDNS, therefore it is not advisable to filter based on a lack of rDNS alone.

It can be argued that it should have an rDNS, but if they don't, you have no control over that since it's their system. Then you'll be spending way too much of your time tweaking spam filters and creating white lists, contacting the sending company's administrators...

It's just a bad idea, don't do it.

That said, I prefer SaaS email spam filtering like Symantec's Messagelabs. (Disclosure, I am an ML partner)). I like this service because I don't have to worry about managing it. It saves me a lot of time.

Its useless if nobody uses it (1)

suso (153703) | more than 2 years ago | (#37703728)

A bit over a year ago, I performed a reverse dns scan of the entire internet [youtube.com]. It took around 4 months and amounted to about 62GB of data which I haven't sorted through just yet, but I'd guess based on what I've seen so far that only 20-30% of the utilized Internet has reverse DNS entries. This is kinda what I suspected all along, but I now have data to back that up. How can anything properly use reverse DNS with that low of an adoption rate. Its sad because so many more services could be offered if it was properly adopted.

Re:Its useless if nobody uses it (1)

pe1chl (90186) | more than 2 years ago | (#37703888)

Probably the number of addresses in the utilized Internet that are intended to send mail is much lower than that 20-30%.

So it could still be a good method.

No (3, Interesting)

TheCarp (96830) | more than 2 years ago | (#37703752)

You know....I hate spam. It made usenet useless for years, it continues to degrade the usefulness of email, spamers steal resources and are underhanded dickwads.

All that said, some of the anti-spam people are ridiculous zealots who don't care who gets caught in the crossfire.

I have a server in colo. Its my mail server, but it also does a number of other things. Until recently, it ran a tor node. Why? Because i had sooo much more allocated bandwidth than I was using on a monthly basis that it cost me nothing extra to run. Ran it for at least 6 years on the same node.

Its now shut off, why? Because some idiots at Spamhaus decided that running a tor server was suspect. Never mind that it was disallowed from exiting on port 25, which is publically posted info in its service descriptor....no... Of course, I think they are also fooled by the fact that several windows users have shell accounts and use it as a web proxy.... so somehow my box also was infected with a Windows trojan according to these geniuses.

We got it cleared up, but still are not able to donate excess bandwidth allowance to the tor network.... which is bad enough, but this isn't the first time I have had my server blacklisted for no good reason at all. I don't even remember what BS it was last time, just that it was... BS.

Now will this kill me? No.... I have reverse DNS setup and have for years but...come on.... seriously? Bouncing mail sucks, especially when you suddenly start doing it to whole domains.

If it were just me, my opinion is that anyone using one of these RBLs has a misconfigured mail server, I wouldn't have "fixed it".... but I host other peoeple's email domains, so the black ball tactics worked.

e-mail server (2)

StripedCow (776465) | more than 2 years ago | (#37703754)

Being fed up with postfix and exim, I recently wrote a simple e-mail server using python. I followed the RFC standard as well as I could, but to my surprise, I noticed there are numerous special undocumented tricks one needs to know to get mail through to the recipient in a reliable way (whitelists, blacklists, reverse dns, etc). I am wondering if anybody here knows if there is a place on the net where such tricks are documented.

PS: IANAS (I am not a spammer, honestly)

Only 1 worthy contender (1)

rwa2 (4391) | more than 2 years ago | (#37703770)

Just whitelist any email that has a verified digital signature. Everything else you can't trust.

Good luck getting anyone to actually set up and use digital signatures/encryption, though :-P But if you make it a matter of policy and give them the tools to use it, there's no better way.

Reverse DNS is useless (1)

dbialac (320955) | more than 2 years ago | (#37703788)

As somebody who used to work in the email industry, I can assure you that rejecting based on the presence of RDNS is useless against entities that run their own infrastructure. Everybody working legitimately ('opt-in', though I refer to it as 'suckered in' because the person didn't read the privacy policy that said people who filled out the form were going to get emailed and their info sold/traded) in the email industry creates RDNS as a part of their SOP. When I worked in it, we never sent out email without first verifying that reverse DNS was set up and set up properly. Granted, you'll still likely catch spam from botnets.

Re:Reverse DNS is useless (2)

Glendale2x (210533) | more than 2 years ago | (#37703966)

I think you're missing the point. Configuring DNS means that someone with clue set out to create a mail server and intends for it to be such rather than just slapping something together without any clue. Whether or not that mail server is sending anything desirable is not related.

spamsolutions.txt (0)

Anonymous Coward | more than 2 years ago | (#37703790)

Your post advocates a

(X) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(X) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(X) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
(X) Susceptibility of protocols other than SMTP to attack
(X) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
(X) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

The world of senders is not black and white (1)

rayd75 (258138) | more than 2 years ago | (#37703796)

Remember that not every non-spam email originates from a perfectly-configured self-hosted SMTP server. Many organizations outsource their email, spam filtering, compliance filtering, notice / statement delivery, etc. While it's easy to posit that the IT departments in such organizations have a duty to maintain reverse DNS records for all their partners' servers, don't fall into the trap of thinking that every organization has a fully-staffed, knowledgeable IT department... or an IT department at all.

Should be a factor, but not a red flag (1)

jht (5006) | more than 2 years ago | (#37703798)

Having a reverse DNS is a good practice, and anyone with a mail server should be doing it. That said, a lot of small businesses don't have reverse DNS set up, don't know what you mean when you tell them to do it, or have ISPs that are a pain to deal with. I'd mark up the spam score on a message without reverse DNS on the sending server (and I do on my own server) but I wouldn't block it entirely unless it sets off a lot more flags than just that one.

I use Kerio Connect on my server - I add 2 points for lack of reverse DNS. 3.5 points drops you into the junk folder, 5 blocks you completely. Doing that I get pretty much no false blocks, a false positive every few days, and about 3-5 spams that make it to the junk folder per day. I block a few hundred.

let me help (0)

karmaflux (148909) | more than 2 years ago | (#37703826)

Your post advocates a

(x) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
(x) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
(x) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
(x) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

A warning (1)

djp928 (516044) | more than 2 years ago | (#37703884)

The windows admin where I work hates reverse DNS. He thinks it's stupid and refuses to keep it updated. So... if there are more people like him out there, you might have issues getting email from them.

Re:A warning (1)

RedACE7500 (904963) | more than 2 years ago | (#37703978)

Hope he likes updating his resume.

Re:A warning (1)

djp928 (516044) | more than 2 years ago | (#37704204)

Lucky for him, Windows will keep reverse DNS reasonably well maintained (provided you're using a Windows DNS server) until you decommission a host and reuse a host name or IP address. Then it seems to have huge issues getting things cleaned up. I haven't any idea why because I try to stay away from it.

Re:A warning (1)

xeno314 (661565) | more than 2 years ago | (#37704192)

Out of all people, why would a Windows person mind? Hell, Microsoft made the DNS MMC snap-in idiot-proof when it comes to reverse DNS -- it will ask to create the PTRs for you! Perhaps your DNS isn't on Windows, but still...there are plenty of UIs for DNS control that handle reverse DNS automatically.

Re:A warning (1)

djp928 (516044) | more than 2 years ago | (#37704282)

Yeah, it creates them just fine. It just doesn't seem to ever want to keep that info up to date if you change hostnames or reuse IP addresses. Like I said in another reply, I'm not a Windows guy, so I haven't any clue why it doesn't seem to like to clean up after itself. It works great as long as you never delete a host and try to reuse its IP or hostname, then it has issues.

In theory, yes. In practice, no. (1)

apparently (756613) | more than 2 years ago | (#37703906)

Reverse DNS makes absolute sense as a means to counter spam, but the reality I've experienced is that there are too many IT admins that don't even know what a PTR record is, and since they don't experience an issue with all of their mail recipients, they assume it's an unnecessary step, even when you try to explain that it with a sock puppet show.

useless, possibly harmful. (2)

sander (7831) | more than 2 years ago | (#37703914)

The requirement for reverse dns is in hindsight a part of the "security theater" where various claims are made, and remedies suggested against perceived ills. The suggestion for reverse DNS comes solidly from the era of TCP wrappers, another supposed saviour of ill maintained systems from outside evils.

In reality, there is no actual increase of security from checking if some address has reverse dns as for ages most of the dial up and broadband lines all have reverse dns. Also, as reverse dns zones are by and large often unmaintained, esp. when it comes to removing entries, you neither can rely on the data returned, nor assign any significance to what is returned.

Yes; no; yes. (1)

osu-neko (2604) | more than 2 years ago | (#37703972)

Yes, reverse DNS records should be standard. No, they should not be required. Yes, they are useless as a toll for fighting spam.

The real problem (1)

pyrr (1170465) | more than 2 years ago | (#37703992)

The real problem is that while this would really help fight spam, there's collateral damage. Just like the judicial systems in civilized countries tend to operate on the principle that it's better to set 100 guilty people free rather than imprison 1 innocent person, most people who receive email would rather receive and delete 100 spam messages than miss one legit email inquiry from a potential customer or long-lost friend.

Sender Policy Framework seems even better than simple reverse DNS in theory, but it doesn't seem to get much traction because it causes more serious problems than spam in general causes. Until a critical mass of sysadmins basically tell the domain owners who are too stupid or lazy to add the appropriate DNS records to fuck off, lazy and stupid sysadmins will continue to not add those records. But until then, customers will cry and rebel if any of the good sysadmins who host them try to apply a passive spam filter that relies on such records. That's just how it goes, it's a Catch-22 which is preventing widespread adoption. The only potential solution would be to stage an SPF or rDNS record adoption day, get some big names on board, and hope for the best.

Definitely necessary (1)

Danzigism (881294) | more than 2 years ago | (#37704036)

This is simple stuff here. Firstly, it verifies ownership of the domain. I will never accept email from a host that does not resolve. Doing so will of course allow a ridiculous amount of spam from infected computers around the globe from regular IP addresses. The email address needs to match the host in which it is sending from as well. It requires hardly *any* work. Why are we even talking about this?

HELO, ELO, wants the hostname as well. Are we expecting millions of mail servers to simple change the way they're doing things? More importantly, if spam is a problem for you, I've had great luck with filtering services such as Postini and SpamSoap. Both excellent providers and have better resources than anything you can whip together on your little email server. It costs pennies as well.

rDNS not working (0)

Anonymous Coward | more than 2 years ago | (#37704048)

From my experience and that of our other sysadmins here, rDNS never works and you'd constantly have users come and complain that they are missing a large amount of their incoming emails. The best defenses against spam are keeping your primary email as private as possible, using a good statistical spam filter, and ideally mail encryption since that makes filters more easily recognize spam since it'll stand out against the noise of legitimate emails. Also, in terms email clients the only one we specifically recommend is Thunderbird, even in combination with gmail (except for tagging they integrate very well now).

rdns is not a good solution (1)

wysiwig3 (549566) | more than 2 years ago | (#37704088)

I've had this same fight with multiple vendors and organizations over the years. Like many others, rDNS should be implement properly. It's just the way to keep a clean house. However, the RFC doesn't require rDNS validation checking, and do to so break mail delivery for many, many legitimate services. Spammers will (actually, have--this idea is old) found new avenues of attack. Reputation scoring, token analysis, and other statistical measures are a far better set of solutions to work with. You can go on the cheap with some sendmail RBL and dspam type solutions all the way up to what I consider best in class right now--Ironport. A Microsoft shop would probably like FOPE--it integrates well and does a damn nice job of proper spam filtering too. The larger MS shops with EA agreements can roll than into the package for decent pricing.

Spam is not the reason (2)

Glendale2x (210533) | more than 2 years ago | (#37704098)

The question "Is Reverse DNS a Worthy Standard For Fighting Spam?" is incorrect. Spam is not the reason; using it as a measure of clue is. Servers that emit spam and and clue level can be related, though. If someone is clueful enough to set up a mail server properly they're going to make sure it has reverse DNS. A mail server run by a less than clueful individual (or set-and-forget with no admin) is more likely to be a problem source either now or in the future than the ones that are cluefully configured and actively maintained.

Of course you are going to have spammers that are clueful mail admins and will set up their servers properly. That's why you can't pigeonhole reverse DNS as some kind of spam fighting method alone. But it can always be used as a measure of cluefulness.

Just as your seeing. (0)

Anonymous Coward | more than 2 years ago | (#37704104)

A lot of system admins do not create rDNS causing rejections. Most of the time it's a headache so we don't do it.

You have to do this (1, Interesting)

DarkOx (621550) | more than 2 years ago | (#37704122)

Its right, its not fair; but its needed. Legitimate sites should have no problems setting up reverse records or getting their provider to do if for them.

Anyone who is not in a position get PTR records in place for their mail server is not actually in a position to be running a mail server anyway. Sorry that is just the way it is. PTR records are nice to have for any number of mail delivery troubleshooting and validation issues outside of SPAM.

As a mail admin I'd kinda consider them a requirement anyway. Its not easy to work transmission problems when I can't figure out who the admin of the other server is and how to get in touch with them.

I know its not within the standards, but I say no PTR record no, mail accepted.

why waste time (0)

Anonymous Coward | more than 2 years ago | (#37704166)

just set up postini properly - all mail to you is filtered by likely the biggest most up to date filter in the world (and dont forget to set up inbound rule in your firewall narrowed to your mailserver only receiving SMTP from postini)- dont try and make your own spam filters -- postini is the best.

i do not work for google.

Spam scoring (0)

Anonymous Coward | more than 2 years ago | (#37704180)

It should not be an automatic ban, instead part of the overall score applied by the filter(s).

As an ISP we require rDNS it works well. (2)

Muerte2 (121747) | more than 2 years ago | (#37704232)

I work for an ISP and we require rDNS records for all incoming mail. You will filter out a TON of spam email with that simple rule. It's much easier on the CPU load to filter on a simple reverse DNS check than to run spam assassin on that message. There are the occasional (not as many as you'd think) misconfigured servers that don't have rDNS. In those rare cases we contact the other end and let them know they're incorrectly setup, and usually add a temporary allow until they get the issue fixed.

I highly recommend requiring rDNS for incoming mail. 99.9% of legit mail servers will have those records, and only about 30% of spam servers will. We process over a million email messages a day with this method, it works.

I require them (1)

Hokan (11666) | more than 2 years ago | (#37704310)

My mail servers require PTR records and require that they match A records. This has stopped a huge amount of spam. It has also stopped some ham and as a result I now use this in combination with a whitelist.

Your submission advocates a.... (0)

Anonymous Coward | more than 2 years ago | (#37704316)

Your post advocates a

(X) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(X) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(X) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...