spf-discuss

Re: Re: PTR lookups in SPF

2004-07-19 09:04:09
On Mon, 19 Jul 2004, Len Conrad wrote:

I think PTR-lessness makes any IP sending my MX mail suspect, and one more 
mistake, the msg is rejected.  I bet AOL has something similar.

They haven't said how the negative treatment works

I recently turned on a similar policy.  If there is no SPF record, then
I use a default SPF record (v=spf1 a/24 mx/24 ptr ?all). 

If the result of SPF is neutral (from either an official or default record),
and there is no valid PTR for the connecting MTA, then I reject the mail.  So,
to send me mail, you have to either have an SPF pass (possibly with my
default record) or softfail, or have a valid PTR.

This blocks 6100 spams per day.  (Many of which would have been blocked at
some later point.)  We are a 6 person company, and get around 100 legitimate
emails per day.  We block between 10000 and 40000 spams per day using a variety
of techniques.  The number of spams in my Bayesian quarantine went from 500+ per
day to 200+ per day.

I am considering tightening this up to treat dynamic IPs the same as
having no PTR.  Someone posted a regex to recognize PTR CNAMES for
dynamic IPs, and I'll have to find it.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
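
Added example (not part of the original message and not the poster's code): a sketch of the policy described above, evaluating the quoted default record and then rejecting when the result is neutral and the connecting IP has no valid PTR. It assumes "valid PTR" means forward-confirmed reverse DNS, handles IPv4 only, and uses a constructed DNS table; all function names are hypothetical.

```python
import ipaddress

DEFAULT_SPF = "v=spf1 a/24 mx/24 ptr ?all"  # default record quoted in the message

# Constructed DNS data (documentation address ranges); stands in for live lookups.
DNS = {
    "A": {"example.org": ["192.0.2.10"], "mail.example.org": ["192.0.2.25"],
          "out.example.net": ["198.51.100.7"]},
    "MX": {"example.org": ["mail.example.org"]},
    "PTR": {"192.0.2.77": ["mail.example.org"],     # name does not resolve back
            "198.51.100.7": ["out.example.net"]},   # forward-confirmed
}

def valid_ptr_names(ip, dns=DNS):
    """PTR names for ip whose A records include ip (assumed meaning of 'valid PTR')."""
    return [n for n in dns["PTR"].get(ip, []) if ip in dns["A"].get(n, [])]

def in_same_net(ip, hosts, prefix, dns):
    """True if any A record of the given hosts shares ip's /prefix network."""
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return any(ipaddress.ip_address(a) in net
               for h in hosts for a in dns["A"].get(h, []))

def eval_default_spf(ip, domain, dns=DNS):
    """Evaluate only the mechanisms that appear in DEFAULT_SPF, left to right."""
    for term in DEFAULT_SPF.split()[1:]:
        mech, _, prefix = term.partition("/")
        if mech == "a" and in_same_net(ip, [domain], int(prefix), dns):
            return "pass"
        if mech == "mx" and in_same_net(ip, dns["MX"].get(domain, []), int(prefix), dns):
            return "pass"
        if mech == "ptr" and any(n == domain or n.endswith("." + domain)
                                 for n in valid_ptr_names(ip, dns)):
            return "pass"
        if mech == "?all":
            return "neutral"
    return "neutral"

def decide(ip, domain, official_result=None, dns=DNS):
    """official_result: result from a published SPF record, or None if there is none.
    Returns (spf_result, reject); reject is True only for neutral with no valid PTR."""
    result = official_result or eval_default_spf(ip, domain, dns)
    return result, (result == "neutral" and not valid_ptr_names(ip, dns))
```

Results other than neutral are passed through with reject set to False, since the message only describes the neutral case; handling of an SPF fail is left to the rest of the mail policy.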