On 05/10/2011 16:28, Storz, Michael wrote:
Another name for the iprev test is "Forward Confirmed reverse DNS" (FCrDNS).
With Postfix you configure it with the two commands
We use this check since years as our first defense against botnet spam with
great success. In the last 7 days we rejected emails for nearly 22.000.000
recipients. 49% did not have a PTR record, 29% did not have a matching A record.
Where does RFC 5321 say that a sending MTA needs a PTR record? (or even
an A record?)
If it doesn't, then the lack of a PTR record does not indicate that the
MTA is 'wrongly configured'.
Failing FCrDNS shouldn't be sufficient to reject mail. Lots of MTAs
can't have a 'correct' reverse DNS entry, even if they have one at all.
Use valid FCrDNS as a way of validating whitelist entries, but surely
not for more than that.