On Fri, 2010-03-05 at 14:40 +1030, Tim wrote:
On Thu, 2010-03-04 at 13:42 -0700, Craig White wrote:
> At this stage, I simply will not accept mail from any smtp server
> whose forward & reverse DNS don't match. So if you are sending me
> e-mails from server mail.example.com you better have a reverse DNS
> address that tells me that your ip address points to mail.example.com.
That's a rather bad idea, and simply not workable for an *awful* lot of
people. You *will* be rejecting legit mail with that methodology.
Although many of us have our own domains, many of them will be hosted by
a service which hosts hundreds or thousands of other sites using virtual
named based hosting. We don't each get an IP, and it's completely
impractical to expect that in an IPv4 world. The reverse IP will point
to the host's domain name, not ours.
You need to do *better* testing than simply forward and reverse checking
of one domain name.
----
first... at the point where AOL and other big user systems started
enforcing that rule, it made total sense for me to do likewise. If you
don't have forward/reverse dns resolution for your smtp server, you
aren't getting e-mail through to the mail servers with a large user
base, you aren't getting through to my servers either. You can stand on
a soap box and shout about what you think is practical but if you can't
get mail through to the big boys...
I actually have a long set of postfix rules which determine which mail
gets through - far more than 'simply forward and reverse checking' and
I'm surprised that you would think I would do less. I start with
greylisting, I also require a full helo/ehlo, valid user, resolvable
domain and more. I also use MailScanner which fully scores for spam and
also implements phishing, virus checking and much more. I do this for
many companies that are my clients and I get absolutely no complaints
(and very little spam).
Craig
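Added example, not part of either message and not Craig's Postfix rules: a sketch of the forward/reverse DNS check the thread argues about, run over constructed DNS data. All addresses, host names and the labels returned by `classify` are made up for illustration. It separates the case Tim describes (a shared host whose reverse DNS names the hosting company) from a client with no PTR record or one the forward lookup does not confirm.

```python
# Constructed DNS data (documentation address ranges); no network access needed.
PTR = {  # reverse zone: client IP -> PTR names
    "192.0.2.10": ["mail.example.com"],
    "192.0.2.20": ["shared7.hosting.example"],   # shared host, many customer domains
    "192.0.2.30": ["mail.example.net"],
}
A = {  # forward zone: name -> addresses
    "mail.example.com": ["192.0.2.10"],
    "shared7.hosting.example": ["192.0.2.20"],
    "mail.example.net": ["198.51.100.5"],        # forward lookup does not lead back
}


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.lower().rstrip(".")


def confirmed_names(ip, ptr=PTR, a=A):
    """PTR names for ip whose forward lookup contains ip again."""
    return [norm(n) for n in ptr.get(ip, []) if ip in a.get(norm(n), [])]


def classify(ip, helo, ptr=PTR, a=A):
    """Label a connecting client by how far its DNS checks out."""
    if not ptr.get(ip):
        return "no-ptr"                # no reverse record at all
    names = confirmed_names(ip, ptr, a)
    if not names:
        return "ptr-unconfirmed"       # reverse exists, forward disagrees
    if norm(helo) in names:
        return "confirmed-and-helo"    # reverse, forward and HELO name agree
    return "confirmed-only"            # reverse and forward agree, HELO differs


if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.com"),
                     ("192.0.2.20", "mail.customer.example"),
                     ("192.0.2.30", "mail.example.net"),
                     ("203.0.113.9", "mail.example.org")]:
        print(ip, helo, classify(ip, helo))
```

The shared-hosting client (`192.0.2.20`) comes out as `confirmed-only`: its reverse and forward records agree with each other, so it is rejected only by a policy that also requires the announced server name to equal the PTR name.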