On 10-03-04 23:10:45, Tim wrote:
On Thu, 2010-03-04 at 13:42 -0700, Craig White wrote:
> At this stage, I simply will not accept mail from any smtp server
> whose forward & reverse DNS don't match. So if you are sending me
> e-mails from server mail.example.com you better have a reverse DNS
> address that tells me that your ip address points to mail.example.com.

That's a rather bad idea, and simply not workable for an *awful* lot of
people. You *will* be rejecting legit mail with that methodology.

Although many of us have our own domains, many of them will be hosted by
a service which hosts hundreds or thousands of other sites using virtual
named based hosting. We don't each get an IP, and it's completely
impractical to expect that in an IPv4 world. The reverse IP will point
to the host's domain name, not ours.

You need to do *better* testing than simply forward and reverse checking
of one domain name.

Yes, Craig's method won't work with any form of virtual hosting or even
when the server runs more than one service, as only one of them can be the
official name. Servers I run specify which host they are, e.g., my own
rapidxen.georgeanelson.com, which won't work with Craig's method. RFC
1912 FCrDNS simply checks that one of the results of a reverse lookup maps
back to that IP.[1]

[1] <http://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS>
--
____________________________________________________________________
TonyN.:' <mailto:tonynelson@georgeanelson.com>
' <http://www.georgeanelson.com/>
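
The two policies discussed in this thread, side by side, as an added example (not code from any of the posters): `fcrdns` accepts an IP if any of its PTR names resolves forward to that IP again, while `strict_match` additionally demands that the name the server claims is itself one of those PTR names. The function names, the resolver helpers and the sample zone data are assumptions constructed for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip via the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_addrs(name):
    """A/AAAA addresses for name via the system resolver."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def _norm(name):
    return name.rstrip(".").lower()

def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return the PTR names of ip that resolve forward to ip again."""
    want = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr_lookup(ip):
        addrs = {ipaddress.ip_address(a) for a in addr_lookup(name)}
        if want in addrs:
            confirmed.append(_norm(name))
    return confirmed  # empty list means the check failed

def strict_match(ip, claimed, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Stricter policy: the claimed server name must itself be a confirmed PTR name."""
    return _norm(claimed) in fcrdns(ip, ptr_lookup, addr_lookup)

# Constructed sample zone data (documentation address ranges, .example names).
PTR = {"192.0.2.10": ["host.hosting.example."],   # shared hosting box
       "192.0.2.66": ["mail.customer.example."]}  # PTR with no matching A record
A = {"host.hosting.example": {"192.0.2.10"},
     "mail.customer.example": {"192.0.2.10"}}

def sample_ptr(ip):
    return PTR.get(ip, [])

def sample_addrs(name):
    return A.get(_norm(name), set())

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66"):
        print(ip, fcrdns(ip, sample_ptr, sample_addrs),
              strict_match(ip, "mail.customer.example", sample_ptr, sample_addrs))
```

With the sample data, the shared-hosting address passes `fcrdns` but fails `strict_match` for the customer's own mail name, and the address whose PTR is not confirmed by a forward lookup fails both.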