Seth Goodman writes:
Stuart D. Gathman wrote on Tuesday, January 02, 2007 12:25 PM -0600:
In fact, even without an SPF record, if the HELO resolves to the
connect IP, you can be certain that the connect IP was authorized
to use that HELO by the DNS admin for the HELO domain. Reverse
DNS doesn't add anything.
It indicates control over the IP. Domains can be throwaway, but IP's
are not.
True enough, but control over the IP means control over what it
reverse-resolves to. You can make your IPs reverse resolve to
anything you want.
For example, there is nothing preventing me from making one of my IPs
reverse resolve to, say, mail.goodmanassociates.com. Of course, I
can't make the forward resolution match, but unless someone looking at
the reverse DNS also checks that the forward DNS matches, an imposter
can use reverse DNS to look credible.
--
Dick St.Peters, stpeters(_at_)NetHeaven(_dot_)com
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735