As well, a PTR lookup requires at least 2 additional DNS requests, while
exists will require only one.
Most mail servers anyway do a PTR lookup on the connecting IP address
of course. postfix always does PTR and matching A queries, and logs when
the matching fails.
What about sendmail, qmail, exim?
I know that probably the most widespread commercial product, IMail, does not
do PTR queries, and that really sucks.
and
the good ones confirm it by checking if the A record points back to the IP
address.
Matching A and PTR is the only way to detect forging of PTR records.
So the 'ptr' mechanism requires zero or one additional DNS
requests.
correct.
> I see clear benefit from "exists".
In most cases 'exists' lookups
please, WTF is an "exists lookup"?
In DNS, one queries for records, which results in (for BIND):
1) exists ( the ANSWER is positively cached),
2) not exist (nxdomain or nodata, are negatively cached with the associated
SOA record of the enclosing zone),
3) CNAME "answer", with negative caching with the associated SOA record of
the enclosing zone
4) dunno, DNS times out.
> PTR is an evil
If "PTR is an evil" is an evaluation deriving from SPF technology, then SPF
sucks.
Len
_____________________________________________________________________
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
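
The PTR-plus-matching-A check discussed in this message, written out as an added example (not part of the original post and not postfix's code). The DNS data is constructed from documentation address ranges, the lookup helpers and verdict strings are hypothetical, and the query count ignores caching.

```python
import ipaddress

# Constructed reverse (PTR) and forward (A) data; not real hosts.
PTR = {
    "192.0.2.10": ["mail.example.com."],
    # Whoever runs this reverse zone can publish any name, including someone else's.
    "192.0.2.66": ["mail.example.com."],
    "192.0.2.20": ["Relay.Example.NET.", "mail.example.com."],
}
A = {
    "mail.example.com.": ["192.0.2.10"],
    "relay.example.net.": ["192.0.2.20"],
}

def lookup_ptr(ip):
    """Hypothetical resolver stub: names published for an address."""
    return PTR.get(ip, [])

def lookup_a(name):
    """Hypothetical resolver stub: addresses published for a name."""
    return A.get(name, [])

def fcrdns(client_ip, ptr_lookup=lookup_ptr, a_lookup=lookup_a):
    """Return (verdict, confirmed_names, queries) for a connecting IPv4 address.

    A PTR name is trusted only if its own A records include the client IP.
    """
    ip = ipaddress.ip_address(client_ip)
    queries = 1                        # the PTR query
    names = ptr_lookup(str(ip))
    if not names:
        return "no-ptr", [], queries
    confirmed = []
    for raw in names:
        name = raw.lower().rstrip(".") + "."   # DNS names are case-insensitive
        queries += 1                   # one A query per PTR name
        addrs = {ipaddress.ip_address(a) for a in a_lookup(name)}
        if ip in addrs:
            confirmed.append(name)
    verdict = "confirmed" if confirmed else "mismatch"
    return verdict, confirmed, queries

if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.66", "192.0.2.20", "192.0.2.99"):
        print(addr, fcrdns(addr))
```

A "mismatch" verdict covers both a forged PTR and a plain misconfiguration; the check cannot tell them apart, which is why it is typically logged rather than treated as proof of abuse.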