thoughts? Would this defeat botnets?

John Rudd jrudd at
Sun Nov 19 01:45:08 GMT 2006

For defeating botnets, I use a milter to block:

a) anything without reverse DNS

b) anything whose hostname from reverse DNS doesn't resolve

c) anything whose hostname from reverse DNS doesn't resolve to an IP 
address or list of IP addresses which includes the IP address I started with

d) any hostname which contains 2 or more octets of its own IP address 
(in decimal or hexidecimal), with or without leading zeroes, with or 
without separators.

e) any hostname which contains keywords like: dynamic, dls, dial-up, 
ppp, modem, etc.

Works VERY well.  I do it in a way that lets the message through if it's 
going to postmaster and/or abuse (but no other addresses).  That way 
people can ask for exceptions if I issue get false positive.

I also took this code and made it into a spam assassin plugin 
(RelayChecker).  One person gave me back stats from his site.  He was 
getting 78% accuracy with RelayChecker, for overall spam. (78% of 
messages that were spam were getting tagged by RelayChecker)  Though, he 
also had a 1% FP rate (1% of ham was getting tagged by RelayChecker, as 

So, there you.

More information about the MailScanner mailing list