spf-discuss

Re: Re: PTR lookups in SPF

2004-07-19 05:32:19

On Mon, 19 Jul 2004, Len Conrad wrote:

As well, PTR lookups require at least 2 additional DNS requests, while
exists will require only one.

Most mail servers anyway do a PTR lookup on the connecting IP address

of course. postfix always does PTR and matching A queries, and logs when 
the matching fails.

what about sendmail, qmail, exim?

Sendmail has been doing it for years. I think exim does as well. 
 
I know that probably the most widespread commercial product, IMail, does not
do PTR queries, and that really sucks.

and
the good ones confirm it by checking if the A record points back to the IP
address.

Matching A and PTR is the only way to detect forging of PTR records.

Correct. In fact, if you ever sent email to somebody @AOL.COM, you'd know
that unless you have a PTR record (and that name properly matches back to the IP
with a direct A record), you'd not be able to get through their filters.

PTR is an evil

PTR is no more evil than DNS itself.
 
If "PTR is an evil" is an evaluation deriving from SPF technology, then SPF 
sucks.

cat /dev/evil | grep -v spf > /dev/null

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
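
The PTR-plus-matching-A check discussed in this thread, as an added example that is not part of the original message or of any mail server's code. The function names, the injectable lookup parameters and the sample zone data are assumptions made for illustration; the data uses documentation address ranges so the check runs without live DNS.

```python
import ipaddress
import socket

def _ptr(ip):
    """Reverse (PTR) lookup via the system resolver."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def _addrs(name):
    """Forward (A/AAAA) lookup via the system resolver."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=_ptr, addr_lookup=_addrs):
    """Return (verdict, confirmed_names): 'no-ptr', 'mismatch' or 'confirmed'."""
    client = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "no-ptr", []
    confirmed = []
    for name in names:
        for addr in addr_lookup(name):
            try:
                match = ipaddress.ip_address(addr) == client
            except ValueError:
                continue  # skip unparsable resolver output (e.g. scoped IPv6)
            if match:
                confirmed.append(name.rstrip(".").lower())
                break
    # A PTR that no forward record backs up is unverified and may be forged.
    return ("confirmed" if confirmed else "mismatch"), confirmed

# Constructed sample zone data (documentation address ranges and names).
PTR = {"192.0.2.10": ["mail.example.org."],
       "198.51.100.7": ["mx.bank.example."],  # reverse zone owner's claim
       "2001:db8::25": ["MX6.example.org"]}
FWD = {"mail.example.org.": ["192.0.2.10"],
       "mx.bank.example.": ["203.0.113.5"],   # forward zone disagrees
       "MX6.example.org": ["2001:0db8:0:0:0:0:0:25"]}

def demo(ip):
    """Run the check against the constructed data instead of live DNS."""
    return fcrdns(ip, lambda i: PTR.get(i, []), lambda n: FWD.get(n, []))
```

Calling `fcrdns(ip)` with no lookup arguments uses the system resolver; comparing parsed addresses rather than strings is what lets the differently written IPv6 forms match.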