spf-discuss

Re: Just how many of the boxen really *need* to be in the spf rr

2004-04-04 15:27:52

----- Original Message ----- 
From: "Greg Connor" <gconnor(_at_)nekodojo(_dot_)org>

Hi Nico,

[ comments deleted. ]

ptr: is great for larger installations where there are lots of IP ranges
and they would rather trust their rDNS than list all ranges by number. One
other factor also works in our favor: usually the "large number of PTR
records" syndrome affects web servers and doesn't affect mail servers quite
so much. But, it's something to watch out for. And I understand the point
about dialup/dsl/small netblocks... it's probably a good reason for folks
to use ptr: and ip4: together as a belt-and-suspenders approach.

Well, yes. My concern is that we avoid *insisting* on either a valid ptr, or
that a PTR match an A record that in turn matches the PTR. There is a
potential benefit in blocking forgeries that fake PTR records to point to a
PTR permitted hostname and then lie about what their hostname is. That way
lies a nasty, nasty little verification cycle that is inappropriate to
insist be valid. Forward A records matching the PTR records are *not*
required for valid DNS, and should not be required for SPF.
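
Added example, not part of the original message: the two ptr: policies debated above (accept any PTR name inside the domain, versus also require a forward A record that maps back to the connecting IP), plus the ptr:/ip4: combination Greg suggests, run against a constructed in-memory DNS table. All addresses, hostnames and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed DNS data (documentation address ranges, example domain).
PTR = {
    "192.0.2.10": ["mail.example.org"],     # honest host, forward A record agrees
    "192.0.2.20": ["dsl-20.example.org"],   # honest host, no forward A published
    "203.0.113.66": ["mail.example.org"],   # forger runs this reverse zone and lies
}
A = {
    "mail.example.org": ["192.0.2.10"],
}


def in_domain(name, domain):
    """True if name equals domain or is a subdomain of it."""
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def ptr_match(ip, domain, forward_confirm):
    """Evaluate a ptr:<domain> check for a connecting IP.

    forward_confirm=False trusts whatever the reverse zone says.
    forward_confirm=True also requires an A record for that name
    pointing back at the same IP.
    """
    ip = str(ipaddress.ip_address(ip))
    for name in PTR.get(ip, []):
        if not in_domain(name, domain):
            continue
        if not forward_confirm or ip in A.get(name, []):
            return True
    return False


def ptr_or_ip4(ip, domain, networks):
    """Belt-and-suspenders: listed ip4: ranges first, then confirmed ptr:."""
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(net) for net in networks):
        return True
    return ptr_match(ip, domain, forward_confirm=True)


if __name__ == "__main__":
    for ip in PTR:
        print(ip,
              "ptr-only:", ptr_match(ip, "example.org", False),
              "confirmed:", ptr_match(ip, "example.org", True),
              "ptr+ip4:", ptr_or_ip4(ip, "example.org", ["192.0.2.0/24"]))
```

The forged reverse entry passes only the unconfirmed check; the honest host without a forward record fails the confirmed check and is recovered only by the ip4: range.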