spf-discuss

Re: v=spf1 +ptr - dangerous? answer: no

2004-06-20 11:46:50
In <40D5D264(_dot_)2010907(_at_)fortytwo(_dot_)eu(_dot_)org> Olaf <olaf(_at_)fortytwo(_dot_)eu(_dot_)org> writes:

Well, spammers could easily set up foo.fortytwo.eu.org in their PTR
records and then forge this email address. Did I miss something?

The ptr: mechanism requires that not only does a DNS PTR record exist,
but the domain in question must also list that IP address.  Hence, the
domain owner, not just the spammer, must have done something to allow
the ptr: mechanism to pass.

Not everyone is aware of it, but the reverse DNS tree (in-addr.arpa)
allows for multiple PTR records pointing to different domains.  When
the ptr: mechanism is checked, all of these pointer records must be
checked to see if any of the domains list the IP address in their A
records.  As such, the ptr: mechanism is more expensive than things
like the ip4:, a: or mx: mechanisms.  If you can easily get by without
using it, you should.


-wayne
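As an added illustration of the point made in this reply (not code from the thread or from any SPF implementation), here is a minimal ptr: evaluation against a constructed in-memory resolver. The zone data, IP addresses and hostnames are made up; the cap of 10 PTR names per check follows RFC 7208.

```python
# Added example: SPF "ptr:" evaluation against a constructed, in-memory resolver.
# Not code from the spf-discuss thread; all DNS data below is made up for illustration.
import ipaddress

# Constructed reverse-tree (PTR) data, keyed by IP address.
PTR_RECORDS = {
    # Legitimate mail host: the domain owner published both PTR and A records.
    "192.0.2.10": ["mail.example.net."],
    # Attacker-controlled reverse zone claims a name under fortytwo.eu.org,
    # but the forward A record for that name is not under the attacker's control.
    "198.51.100.7": ["foo.fortytwo.eu.org.", "bad.attacker.example."],
}
# Constructed forward (A) data, keyed by hostname.
A_RECORDS = {
    "mail.example.net.": ["192.0.2.10"],
    "foo.fortytwo.eu.org.": ["203.0.113.5"],    # the domain owner's real host
    "bad.attacker.example.": ["198.51.100.7"],  # forward-confirms, but wrong domain
}

MAX_PTR_NAMES = 10  # RFC 7208 evaluates at most 10 PTR names per check


def ptr_mechanism_matches(ip: str, target_domain: str) -> bool:
    """Return True if SPF 'ptr:<target_domain>' matches for the connecting <ip>.

    A PTR name only counts if (1) its forward A records contain the IP
    (forward-confirmed) AND (2) it is the target domain or a subdomain of it.
    A PTR record alone, which the sender controls, is never sufficient.
    """
    ip = str(ipaddress.ip_address(ip))  # normalise the textual form
    target = target_domain.rstrip(".").lower()
    # Reverse DNS can return many names; bound the work like the RFC does.
    names = PTR_RECORDS.get(ip, [])[:MAX_PTR_NAMES]
    for name in names:
        # Step 1: forward-confirm the name against the connecting IP.
        if ip not in A_RECORDS.get(name, []):
            continue
        # Step 2: the validated name must sit under the target domain.
        name_norm = name.rstrip(".").lower()
        if name_norm == target or name_norm.endswith("." + target):
            return True
    return False
```

Note that the forged PTR for 198.51.100.7 fails the check even though the reverse lookup "says" fortytwo.eu.org, because the domain owner never listed that IP in the A record.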

