John Rudd jrudd at ucsc.edu
Fri Aug 18 01:58:10 IST 2006

On Aug 17, 2006, at 17:41, Christian Campbell wrote:

> All this talk about rDNS made me consider rejecting mail from hosts 
> that do not have a valid PTR record.  A legitimate company we exchange 
> a lot of mail with does that have a PTR record for their mail server.  
> As I was composing an email asking them if they could create a PTR 
> record, I decided to reference an RFC to help support my argument (RFC 
> 1912).  But, after doing some more Googling, I found this site:  
> http://www.emailauthentication.org/resources/ which states:
> ---%< snip %<---
> Several readers have inquired on the use of a PTR or reverse DNS 
> lookup.  AOTA strongly encourages site owners to follow the warning as 
> published in the IETF RFC and NOT use a PTR;  The specification for 
> SPF records (RFC 4408 see below) discourages use of "ptr" for 
> performance and reliability reasons. ...
> "Note: Use of this mechanism is discouraged because it is slow, ... 
> ---%< snip %<---

It is not saying "You shouldn't have a PTR record".  It's saying your 
SPF text shouldn't tell other people to look at your PTR record 
_for_validating_SPF_.  Those are two VERY different statements.

What's being discouraged is the "ptr mechanism in SPF".  Not "PTR 
Resource Records in DNS".

>  Not knowing anything about SPF....does this mean a SMTP host 
> shouldn't use a PTR record?  Or...should one not use a PTR if you are 
> using SPF? 
> My next question is, is there a way to tell if the company in question 
> is using SPF and that's why they don't have a PTR?  I'd hate to make 
> an ignorant request.  Should the company still create a PTR record 
> regardless?

If they don't have a PTR because they are using SPF, I would probably 
feel extra comfortable blocking them.

And, frankly, if AOTA is suggesting that people not use PTR DNS RR's, 
then I think AOTA is a bunch of idiots.  :-}

More information about the MailScanner mailing list