spf-discuss

RE: [spf-discuss] SPF basics commentary

2007-01-29 10:01:12
Stuart D. Gathman wrote on Sunday, January 28, 2007 10:35 PM -0600:

> On Sun, 28 Jan 2007, Don Lee wrote:
>
> > There is a large and growing number of mailservers "out there" that
> > try to resolve the HELO name, and some do rDNS on the IP and
> > ensure that it matches the HELO.
>
> There is no need to do the rDNS if the HELO name resolves to the IP.
> It is a (minor) waste of bandwidth and is unfair to those of us with
> broken ISP monopolies.  I suppose I am a broken record on the topic.
>
> All PTR records provide is a name - that you have to verify by
> checking that it resolves to the IP.  Well, guess what, a HELO name
> is a ... name ... that you can verify by checking that it resolves
> to the IP - clearly establishing that the domain owner designated
> that IP.  So why did you bother fetching the PTR records again?

Forward DNS tells you that the domain owner wants you to resolve a
hostname to a particular IP.  The problem is that they may not own that
IP.  Reverse DNS tells you that the IP owner delegates to a particular
domain, so you now have evidence that the domain owner has the right to
use the IP they list.  In this regard, agreement of PTR and A makes a
more credible assertion than the SPF record.

I'm well aware that a number of incompetent ISPs don't delegate PTR for
static IPs.  In the developed world, the answer is to host your server
in a facility that delegates PTR, and that may not be your ISP.  Outside
the developed world this is not so practical, and those folks will
continue to have trouble getting their mail delivered to MTAs that
insist on matching PTR records.  SPF does not fix this problem because
it relies on forward DNS only.

--
Seth Goodman
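
The two checks contrasted in this thread, as an added example that is not part of the original post or of any SPF implementation: it classifies a HELO name and connecting IP by which evidence exists, the forward lookup alone or a PTR name that also resolves back to the IP. The lookup tables stand in for live DNS; all hostnames, addresses and function names are assumptions constructed for illustration.

```python
# Added illustration; zone data below is constructed (RFC 5737 addresses,
# example.* names) and stands in for live DNS lookups.
FORWARD = {  # name -> A records, published by the domain owner
    "mail.example.org": {"192.0.2.10"},
    "mx.example.net": {"198.51.100.7"},
    "claims.example.com": {"198.51.100.7"},  # points at an IP held by someone else
    "home.example.org": {"203.0.113.5"},     # ISP delegates no PTR for this IP
}
REVERSE = {  # IP -> PTR names, published by whoever holds the IP block
    "192.0.2.10": {"mail.example.org."},
    "198.51.100.7": {"mx.example.net."},
}

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.strip().rstrip(".").lower()

def helo_resolves_to_ip(helo, ip, forward=FORWARD):
    """Forward check only: the domain owner lists this IP for the HELO name."""
    return ip in forward.get(norm(helo), set())

def confirmed_ptr_names(ip, forward=FORWARD, reverse=REVERSE):
    """PTR names for the IP that also resolve back to it (PTR and A agree)."""
    names = {norm(n) for n in reverse.get(ip, set())}
    return {n for n in names if ip in forward.get(n, set())}

def classify(helo, ip, forward=FORWARD, reverse=REVERSE):
    fwd = helo_resolves_to_ip(helo, ip, forward)
    ptr = confirmed_ptr_names(ip, forward, reverse)
    if fwd and norm(helo) in ptr:
        return "forward+reverse"   # domain owner and IP owner both agree
    if fwd:
        return "forward-only"      # only the domain owner's assertion
    if ptr:
        return "reverse-only"      # IP has a confirmed name, but not this HELO
    return "unverified"

if __name__ == "__main__":
    for helo, ip in [("mail.example.org", "192.0.2.10"),
                     ("claims.example.com", "198.51.100.7"),
                     ("home.example.org", "203.0.113.5"),
                     ("bogus.example.com", "192.0.2.10")]:
        print(f"{helo:20} {ip:14} {classify(helo, ip)}")
```

The second and third pairs both come out forward-only: the forward lookup alone gives the same answer for a name pointed at someone else's IP and for a host whose ISP delegates no PTR.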
