[Top] [All Lists]

Re: The anti-abuse rDNS check that FTP gave up

2011-10-05 21:06:26

On 05/10/2011 16:28, Storz, Michael wrote:

Another name for the iprev test is "Forward Confirmed reverse DNS" (FCrDNS). 
With Postfix you configure it with the two commands


We use this check since years as our first defense against botnet spam with 
great success. In the last 7 days we rejected emails for nearly 22.000.000 
recipients. 49% did not have a PTR record, 29% did not have a matching A record.

Where does RFC 5321 say that a sending MTA needs a PTR record? (or even an A record?)

If it doesn't, then the lack of a PTR record does not indicate that the MTA is 'wrongly configured'.

Failing FCrDNS shouldn't be sufficient to reject mail. Lots of MTAs can't have a 'correct' reverse DNS entry, even if they have one at all. Use valid FCrDNS as a way of validating whitelist entries, but surely not for more than that.

<Prev in Thread] Current Thread [Next in Thread>