ietf-smtp

Re: The anti-abuse rDNS check that FTP gave up

2011-10-05 21:06:26

On 05/10/2011 16:28, Storz, Michael wrote:

Another name for the iprev test is "Forward Confirmed reverse DNS" (FCrDNS). 
With Postfix you configure it with the two commands

    reject_unknown_reverse_client_hostname
    reject_unknown_client_hostname

We have used this check for years as our first defense against botnet spam with 
great success. In the last 7 days we rejected emails for nearly 22.000.000 
recipients. 49% did not have a PTR record, 29% did not have a matching A record.

Where does RFC 5321 say that a sending MTA needs a PTR record? (or even an A record?)

If it doesn't, then the lack of a PTR record does not indicate that the MTA is 'wrongly configured'.

Failing FCrDNS shouldn't be sufficient to reject mail. Lots of MTAs can't have a 'correct' reverse DNS entry, even if they have one at all. Use valid FCrDNS as a way of validating whitelist entries, but surely not for more than that.
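Added example, not part of either message in this thread: a Python sketch of the FCrDNS (iprev) test that separates the two failure classes counted above (no PTR record, no matching A record) and uses a pass only to validate a whitelist entry. The function names, the injected resolver callables and the DNS data under documentation addresses are constructed for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_addrs(host):
    """A/AAAA addresses for host from the system resolver ([] if none)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(host, None)]
    except OSError:
        return []

def fcrdns(ip, ptr=system_ptr, addrs=system_addrs):
    """Return ('no_ptr'|'no_match'|'pass', confirmed_name_or_None)."""
    client = ipaddress.ip_address(ip)
    names = ptr(ip)
    if not names:
        return "no_ptr", None
    for name in names:
        for addr in addrs(name):
            try:
                if ipaddress.ip_address(addr) == client:
                    return "pass", name.rstrip(".").lower()
            except ValueError:  # resolver returned something unparsable
                continue
    return "no_match", None

def whitelist_match(ip, domains, ptr=system_ptr, addrs=system_addrs):
    """True only if the forward-confirmed name is in or under `domains`."""
    status, name = fcrdns(ip, ptr, addrs)
    return status == "pass" and any(
        name == d or name.endswith("." + d) for d in domains)

# Constructed DNS data (documentation address ranges), so the demo runs offline.
SIM_PTR = {"192.0.2.10": ["mail.example.net."],
           "192.0.2.66": ["mail.example.net."],   # PTR claims a name it does not own
           "2001:db8::25": ["mx6.example.net."]}
SIM_FWD = {"mail.example.net.": ["192.0.2.10"],
           "mx6.example.net.": ["2001:0db8:0000:0000:0000:0000:0000:0025"]}
sim_ptr = lambda ip: SIM_PTR.get(ip, [])
sim_addrs = lambda host: SIM_FWD.get(host, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "192.0.2.77", "2001:db8::25"):
        print(ip, fcrdns(ip, sim_ptr, sim_addrs),
              whitelist_match(ip, ["example.net"], sim_ptr, sim_addrs))
```

The 192.0.2.66 entry shows why the forward lookup matters for whitelisting: whoever controls the reverse zone for an address can publish any name in its PTR record, so only a name that resolves back to the connecting address can be trusted as a whitelist key.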
