Nico Kadel-Garcia wrote:
> Sorry, I have repeatedly explained elsewhere that the PTR records cannot be
> relied on to match the A record. It's a common and recommended practice to
> do so, but it's hardly mandatory nor should it be.
>
> And as stated by others, and which I can affirm: the check for a PTR in most
> MTAs is merely a check that a PTR exists to avoid random email forgery from
> unmanaged networks which are often used by viruses and spammers, not a check
> against the A record, the published name in the "FROM" line of the SMTP
> transaction, or anything else.

I know you've repeatedly said this, but the fact remains that a PTR record is
completely untrustable for the purposes of the SPF "ptr" mechanism unless the
name it points to has an A record with the original IP address. Domains that
cannot manage to have forward-confirmed reverse DNS should simply not use the
"ptr" mechanism.

Note that section 4.5 of the current spec.
(http://spf.pobox.com/draft-ietf-marid-protocol-00.txt) explicitly requires
that this check is done, as does section 4.6 of the "classic SPF" spec.
(http://spf.pobox.com/spf-draft-200406.txt).

If any implementation of SPF does not do the forward check, I would like to
know, so that I can avoid it (as it's non-compliant with the spec.).

Paul.
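
The forward-confirmation step discussed in this message, contrasted with an existence-only PTR check, as an added Python example that is not part of the original post or of any SPF implementation. The DNS data is constructed and held in dictionaries, and all function names are hypothetical.

```python
import ipaddress

# Constructed DNS data using documentation address ranges (not from the post).
PTR = {
    "192.0.2.10": ["mail.example.org."],     # reverse and forward agree
    "198.51.100.7": ["mail.example.org."],   # reverse zone claims a name it does not own
    "192.0.2.20": ["mx.notexample.org."],    # confirmed, but a different domain
    "203.0.113.5": [],                       # no PTR at all
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "mx.notexample.org": ["192.0.2.20"],
}

def normalize(name):
    return name.rstrip(".").lower()

def ptr_lookup(ip):          # hypothetical stand-in for a real PTR query
    return PTR.get(ip, [])

def a_lookup(name):          # hypothetical stand-in for a real A query
    return A.get(normalize(name), [])

def ptr_exists(ip):
    """Existence-only check: says nothing about who controls the name."""
    return bool(ptr_lookup(ip))

def validated_names(ip):
    """PTR names for ip whose A records contain ip (forward-confirmed)."""
    client = ipaddress.ip_address(ip)
    return [normalize(n) for n in ptr_lookup(ip)
            if client in {ipaddress.ip_address(a) for a in a_lookup(n)}]

def ptr_mechanism_matches(ip, domain):
    """True only if a forward-confirmed name is domain or a subdomain of it."""
    target = normalize(domain)
    return any(n == target or n.endswith("." + target)
               for n in validated_names(ip))

if __name__ == "__main__":
    for ip in PTR:
        print(ip, ptr_exists(ip), validated_names(ip),
              ptr_mechanism_matches(ip, "example.org"))
```

The second entry passes the existence-only check but yields no validated name, because the operator of a reverse zone can publish any name there while only the domain owner controls the A record.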