On Mon, 19 Jul 2004, Len Conrad wrote:
As well, PTR lookups require at least 2 additional DNS requests, while
exists will require only one.
Most mail servers anyway do a PTR lookup on the connecting IP address
of course. postfix always does PTR and matching A queries, and logs when
the matching fails.
what about sendmail, qmail, exim?
Sendmail has been doing it for years. I think exim does as well.
I know that probably the most widespread commercial product, IMail, does not
do PTR queries, and that really sucks.
and
the good ones confirm it by checking if the A record points back to the IP
address.
Matching A and PTR is the only way to detect forging of PTR records.
Correct. In fact, if you ever sent email to somebody @AOL.COM, you'd know
that unless you have a PTR record (and that name properly matches back to the IP
with a direct A record), you'd not be able to get through their filters.
PTR is an evil
PTR is no more evil than DNS itself.
If "PTR is an evil" is an evaluation deriving from SPF technology, then SPF
sucks.
cat /dev/evil | grep -v spf > /dev/null
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
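
The matching A and PTR check discussed in this message, sketched as an added example that is not part of the original post or of any mail server's code. The function names and the zone data are assumptions constructed for illustration; the lookups are injectable so the check runs offline.

```python
import ipaddress
import socket

def fcrdns(ip, ptr_lookup, addr_lookup):
    """Forward-confirm a reverse lookup. Returns (status, verified_name)."""
    want = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)                 # step 1: PTR query on the client IP
    if not names:
        return ("no-ptr", None)
    for name in names:
        for addr in addr_lookup(name):     # step 2: A/AAAA query on each PTR name
            try:
                if ipaddress.ip_address(addr) == want:
                    return ("pass", name.rstrip(".").lower())
            except ValueError:
                continue                   # ignore unparsable answers
    # The PTR name is controlled by whoever runs the reverse zone; without a
    # matching forward record it is an unverified claim and must not be trusted.
    return ("mismatch", None)

def system_ptr(ip):
    """PTR lookup through the system resolver (used outside the offline demo)."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host] + aliases
    except OSError:
        return []

def system_addr(name):
    """A/AAAA lookup through the system resolver."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

# Constructed zone data (documentation address ranges, hypothetical names).
PTR = {"192.0.2.10": ["mail.example.org."],
       "198.51.100.7": ["mx.victim.example."]}   # reverse zone claims another name
A = {"mail.example.org.": ["192.0.2.10"],
     "mx.victim.example.": ["203.0.113.5"]}      # forward zone disagrees

def demo():
    ptr = lambda ip: PTR.get(ip, [])
    addr = lambda name: A.get(name, [])
    clients = ("192.0.2.10", "198.51.100.7", "203.0.113.99")
    return {ip: fcrdns(ip, ptr, addr)[0] for ip in clients}

if __name__ == "__main__":
    print(demo())
```

Passing `system_ptr` and `system_addr` instead of the lambdas runs the same check against live DNS.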