
Re: [Asrg] Weird reverse DNS resolution might affect spam filters



At 7:26 PM +0100 6/23/06, Tony Finch imposed structure on a stream of electrons, yielding:
> David Wilson <David.Wilson at isode.com> wrote:
>
>> Some years ago a colleague told me that some resolvers, when doing rDNS lookup will then perform a forward lookup of the hostname, to check that the A records for the name contain the IP address with which you started.
>
> I believe this is usually done in the applications rather than in the resolver itself.
>
>> If not true, perhaps it is something which SMTP servers should do themselves, before using the rDNS name for authorization.
>
> What do you mean "perhaps"? Decent MTAs (e.g. Exim) have been doing this for many years.

And see http://www.sendmail.org/faq/section3.html#3.38

Note that the date is the date that entry made it into the FAQ, not the implementation date. Sendmail has been noting such errors in Received headers since 8.8.6, almost exactly 10 years.

Basically, this is a non-issue. Reverse DNS has never really been trustworthy, and trusting an unverified rDNS result by itself for authentication is an unlikely error for any serious piece of modern software.

--
Bill Cole
bill at scconsult.com


_______________________________________________ Asrg mailing list Asrg at ietf.org https://www1.ietf.org/mailman/listinfo/asrg
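
The check discussed in this thread (a PTR lookup followed by a forward lookup to confirm that the name's address records contain the original IP), as an added example that is not part of the original message and is not code from Exim or Sendmail. The function names and the sample zone data are assumptions constructed for illustration; the lookups are injectable so the logic can be exercised offline.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip via the system resolver (empty list on failure)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # covers socket.herror / socket.gaierror
        return []
    return [name, *aliases]

def system_addrs(name):
    """A/AAAA addresses for name via the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def verify_rdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (confirmed_name or None, reason) for a connecting client IP."""
    client = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return None, "no PTR record"
    for name in names:
        for addr in addr_lookup(name):
            try:
                # Compare parsed addresses, not strings, so that
                # differently written IPv6 forms still match.
                if ipaddress.ip_address(addr.split("%")[0]) == client:
                    return name.rstrip(".").lower(), "forward-confirmed"
            except ValueError:
                continue  # resolver returned something unparsable
    # Whoever controls the reverse zone can publish any name they like;
    # without a matching forward record the name must not be trusted.
    return None, "PTR name does not resolve back to client address"

# Constructed sample data (documentation address ranges, hypothetical names).
PTR = {"192.0.2.10": ["mail.example.org."],
       "198.51.100.7": ["mx.trusted.example."],   # unconfirmed PTR claim
       "2001:db8::1": ["v6.example.org."]}
ADDR = {"mail.example.org.": ["192.0.2.10"],
        "mx.trusted.example.": ["203.0.113.5"],
        "v6.example.org.": ["2001:0db8:0:0:0:0:0:1"]}

def demo(ip):
    """Run the check against the constructed data above."""
    return verify_rdns(ip, lambda i: PTR.get(i, []), lambda n: ADDR.get(n, []))
```

Only a name returned with "forward-confirmed" is suitable as input to an authorization or filtering decision; the other outcomes should be treated as "client name unknown".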