Hi,

I could be wrong but I think that they are only referring to the forward
hostname advertised in the mail servers HELO, it is obvious that most
systems have many more forward A records than reverse PTR records.

Regards,
Steve

-----Original Message-----
From: Drew Weaver [mailto:***@thenap.com]
Sent: Friday, 27 June 2008 11:37 PM
To: ***@nanog.org
Subject: uceprotect.net

Hello everyone, this is possibly off-topic here, not entirely
sure.

I'm kind of confused about some of uceprotect's policies, they
seem to require every IP address to have reverse DNS with matching
forwards (which works fine for a wireless/broadband/dial-up ISP, but not
so much for a hosting company/datacenter). They seem to penalize
companies who have many small allocations from ARIN/whomever while
rewarding companies who have huge swaths of IP addresses in single
chunks. They don't seem to understand that in a datacenter a single
machine running virtuozzo/vmware can have any number of IPs assigned to
it and that not everything can be so tightly scripted/controlled. They
currently take issue with 106 out of almost 54,000 IP addresses and our
AS appears to be listed in their list. That seems extreme to me. My
question is, has anyone had a problem with uceprotect.net's system and
then been able to satisfy their requirements on an ongoing basis? We'll
obviously do whatever it takes because we really have no choice. We've
found ISPs with over 100,000 IPs using their list(s) so obviously it has
an impact.

Off-list is fine, sorry to bother anyone if this is off-topic.

Thanks for your time.
-Drew

Do you actually have a problem beyond "ZOMG, dnsstuff.com says I am in
uceprotect?". Its not a list that I personally would waste time with.

BTW, the kind of issue that often affects "cost effective" colo shops
- so-called snowshoe spam - typically HAS matching forward and
reverse.

srs