Mail PTR Records
Peter Farrow
peter at farrows.org
Mon Mar 3 21:01:39 GMT 2008
Matt Kettler wrote:
> mikea wrote:
>> On Mon, Mar 03, 2008 at 01:15:21PM -0600, Nathan Olson wrote:
>>> It's not RFC-compliant.
>>
>> As has been mentioned elsethread, a number of techniques which are
>> increasingly necessary for survival are not RFC-compliant.
>> Many RFCs were written when the Internet was kinder, gentler, and MUCH
>> less dangerous than it is now. They have not changed, though the 'Net
>> certainly has. Blind adherence to them in the face of evidence that
>> that adherence opens windows of vulnerability is not necessarily good
>> or wise.
>
> Well, that alone isn't a good reason to blindly toss RFCs aside. Some
> requirements of the RFCs are there for damn good reasons.
>
> However, in this case I suspect the activity isn't even a violation of
> an RFC, and not having a PTR record clearly violates their
> recommendations (albeit not their requirements).
>
> In general, it's really easy to claim something isn't compliant with
> the RFCs without any evidence to support it. We should all take such
> suggestions (including those generated by me) as unsubstantiated
> opinions until proven otherwise.

It's very good practice to have PTR records for your mail servers that
should match the forward lookup. All reputable ISPs that I have dealt
with adhere to this, so it's entirely reasonable to throw back mail from
relays without valid reverse DNS. I run my own ISP, I process a few
million mails per week, and I don't accept mail from machines with duff
reverse lookup or no reverse lookup on any of my relays, and I get no
complaints from my client base... just happy spam-free mailboxes...

This all comes down to what is best in practice, if the sender relay
doesn't have reverse DNS then I think it's perfectly reasonable to throw
the mail back... I wouldn't get hung up on it, just send it back,
transfer the problem back to the sender... It's their issue, not yours.

Nominet won't let you send PGP signed domain control emails to their
automaton unless the reverse DNS matches the forward DNS exactly...

P.