spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: PTR problems

2004-11-29 13:06:22
from [Mark] [Permanent Link] 
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com 
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of 
administrator(_at_)yellowhead(_dot_)com
Sent: maandag 29 november 2004 20:17
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] PTR problems




This topic has been discussed many times on this list, and is
definitely relevant. As long as there are those that would use reverse
lookup to verify email (SPF has so far side-stepped the issue for the
most part), the potential is there to run into problems like these.
The  domain owner is probably not even aware of this problem, although
I have tried to bring it to their attention. Because the reverse
lookup process is a  top down driven process, it is sometimes very
difficult to get the upstream ISP to resolve


I do not subscribe to the idea that SPF should lax its checks because
someone's DNS might be broken. The only-ever solution to broken DNS is to
fix it. Pronto.

Like with the broken SPF record of lists.sourceforge.net. I filed a
report, but that is it; I am not going to accommodate my setup one iota,
just because some jerk messed up the SPF basics. I'd say, let the reality
of mail bouncing wrestle a bit with the culprit. And then, if it causes
them enough discomfort, let someone rise out of his chair and fix the
mother.

Next thing, we'll be accepting IP MX records, and the like, because there
are folks out there who did not realize that such is 'verboten'. No go, on
this end.

Mind you, this I say regardless of the question whether PTR checks are
useful/desirable. Especially so, because there is still no RFC which
requires that a connecting mail server has a PTR (strange as that may
sound in this day and age). Though I reject on the absence thereof, too;
unless your HELO matches your IP. Then I consider the IP resolved after
all.

So, PTR checks are debatable. But if people put the PTR mechanism in their
SPF record, then, as far as I'm concerned, it better check out.

- Mark 
 
        System Administrator Asarian-host.org
 
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Attacking Domain Keys, Seth Goodman
Next by Date:  we're not deaf (was: Attacking Domain Keys), Frank Ellermann
Previous by Thread:  Re: PTR problems, Alex van den Bogaerdt
Next by Thread:  What is the load on DNS caused by SPF?, guy
Indexes:  [Date] [Thread] [Top] [All Lists]