Daniel Taylor wrote:
Stuart D. Gathman wrote:
On Mon, 29 Jan 2007, Seth Goodman wrote:
I'm well aware that a number of incompetent ISPs don't delegate PTR for
static IPs. In the developed world, the answer is to host your server
in a facility that delegates PTR, and that may not be your ISP. Outside
the developed world this is not so practical, and those folks will
continue to have trouble getting their mail delivered to MTAs that
insist on matching PTR records. SPF does not fix this problem because
it relies on forward DNS only.
I get the picture. So IPv4 is officially unusable for us poor folk.
I guess I need to start figuring out how to set up IPv6 email, where
I can set my own rDNS.
How do I send from an IPv6 address if the MX records for the destination
domain list only IPv4 hosts? Use a relay with SMTP AUTH? Who offers
such a service? All IPv4 SMTP relays I've seen don't prevent cross-customer
forgery (except maybe Kitterman's), so you are actually *more* likely to get
forged mail if you force me to go that route. Seems counterproductive.
Delegating PTR for anything less than a full /24 network block does not
appear to be practical, if it is even possible. On the other side of the
coin, most ISPs that cater more to a technical or business audience have
no trouble with setting the PTR for your IP(s) appropriately to your needs.
Even the consumer oriented ISPs frequently have business divisions that
charge a hefty premium but are happy to provide such services.
Failure to have any PTR record *at all* for a particular IP will keep
you from sending e-mail regardless of SPF settings, as most standard
MTAs (Sendmail and Postfix I know for certain) will check for the
existence of rDNS,
Granted, MTAs check for a reverse existing (may or may not match domain).
But is it a technical assertion that to have a reverse DNS one must
have a PTR? I was not aware of that...
and frequently verify that with a forward lookup to
see if it matches,
Um, really??? Most forwards point to the website server, not the MTA.
Only in some cases is that the same IP.
Are you sure of your statement?
Or are we talking about a fully qualified host name (not just the
domain)? And if so, where are you assuming this name comes from?
Terry
before even allowing the SMTP session to be initiated.
This is a precaution against DNS spoofing the sending system that
interlocks nicely with SPF by assuring that the IP address in question
belongs to who it claims to belong to.
--
Daniel Taylor VP Operations Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com http://www.vocalabs.com/
(952)941-6580x203
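The check discussed in the message above (a PTR lookup on the connecting IP, then a forward lookup to see whether it matches), written out as an added example that is not code from this thread or from Sendmail or Postfix. The lookup tables, host names and addresses are constructed sample data, and the function name `fcrdns` is hypothetical.

```python
import ipaddress

# Constructed sample DNS data (documentation address ranges, example.org names).
# A real MTA would query a resolver instead of reading these dicts.
PTR = {
    "192.0.2.25": ["mail.example.org."],
    "192.0.2.80": ["www.example.org."],   # PTR exists, forward points elsewhere
    "198.51.100.7": [],                   # no PTR record at all
    "2001:db8::25": ["mx6.example.org."],
}
FORWARD = {  # A and AAAA records merged per host name
    "mail.example.org.": ["192.0.2.25"],
    "www.example.org.": ["192.0.2.81"],
    "mx6.example.org.": ["2001:db8:0:0:0:0:0:25"],
}


def fcrdns(client_ip, ptr_lookup=PTR.get, addr_lookup=FORWARD.get):
    """Classify a connecting IP as 'no-ptr', 'mismatch' or 'confirmed'.

    The forward lookup is made on the host name the PTR returned, not on
    the sender's mail domain, so the address of the domain's web server
    plays no part in the result.
    """
    ip = ipaddress.ip_address(client_ip)
    names = ptr_lookup(str(ip)) or []
    if not names:
        return ("no-ptr", None)
    for name in names:
        for addr in addr_lookup(name) or []:
            # Compare parsed addresses so different IPv6 spellings still match.
            if ipaddress.ip_address(addr) == ip:
                return ("confirmed", name)
    return ("mismatch", names[0])


if __name__ == "__main__":
    for sample in ("192.0.2.25", "192.0.2.80", "198.51.100.7", "2001:db8::25"):
        print(sample, fcrdns(sample))
```
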
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?list_id=735