[Mimedefang] OT - Using rDNS sendmail hack - your experiences

Jason Gurtz jason at jasongurtz.com
Wed Apr 27 15:14:20 EDT 2005


On 4/26/2005 09:58, James Ebright wrote:
> Hello all, this is a bit off topic but relevant.
> 
> We finally decided it was probably time to implement AOL style reverse DNS
> checks into our MTA. Since AOL has been doing it now for something like 6
> months it is a pretty fair bet that most US customers that are legit have
> corrected their DNS issues... or so we thought!

I think AOL's approach to this is reasonable.  It's not as strict as you
might think.  From what Carl said on the SPF list a while back they check
just for the existence of a PTR but not that it necessarily match 100%
with the MX/A record.  For example, because we outsource DNS service to
easyDNS and because our ISP's (SBC) policy is to not do custom PTR records
unless they're doing the forward hosting also, we are stuck with just plain
generic PTR records for our block (ip.addr.sbc.com etc...).

As an aside, I think Carl et al have done a great job at turning around
one of the biggest spam problems of a few years ago.  I remember when most
spam I got came from AOL.

No problems sending to AOL so far.  I'm sure there are lots of other
people in the same boat.  I guess if AOL changes to full reverse
validation then we'll be forced to degrade our domain's DNS service level
and host it all ourselves.

If you do strict reverse checking you'll definitely throw out valid mail.
You'll just have to see if that's OK or how much BOFH you can get away with.

~Jason
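
The gap between the PTR-existence check and strict matching discussed above, as an added example that is not part of the original post. All DNS data is constructed, the function names and the `mail_host` parameter are assumptions for illustration, and the forward-confirmed check is an added middle level that the post does not mention.

```python
# Constructed DNS data: documentation address ranges and example domains only.
PTR = {
    "192.0.2.10": ["mail.example.org"],             # custom PTR naming the mail host
    "192.0.2.20": ["adsl-192-0-2-20.isp.example"],  # generic ISP-assigned PTR
    "192.0.2.30": ["mail.example.net"],             # PTR whose name resolves elsewhere
    # 192.0.2.40 has no PTR record at all
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "adsl-192-0-2-20.isp.example": ["192.0.2.20"],
    "mx.example.com": ["192.0.2.20"],   # forward zone hosted by a third party
    "mail.example.net": ["198.51.100.5"],
}

def norm(name):
    """Compare host names case-insensitively and without a trailing dot."""
    return name.lower().rstrip(".")

def ptr_exists(ip):
    """Lenient check: the connecting address has any PTR record."""
    return bool(PTR.get(ip))

def fcrdns(ip):
    """Forward-confirmed: at least one PTR name has an A record for the same IP."""
    return any(ip in A.get(norm(n), []) for n in PTR.get(ip, []))

def strict_match(ip, mail_host):
    """Strict check: the PTR names mail_host itself and mail_host resolves to ip."""
    names = {norm(n) for n in PTR.get(ip, [])}
    return norm(mail_host) in names and ip in A.get(norm(mail_host), [])

def evaluate(ip, mail_host):
    """Return the outcome of all three policies for one connecting relay."""
    return {"ptr_exists": ptr_exists(ip), "fcrdns": fcrdns(ip),
            "strict": strict_match(ip, mail_host)}

if __name__ == "__main__":
    for ip, host in [("192.0.2.10", "mail.example.org"),
                     ("192.0.2.20", "mx.example.com"),
                     ("192.0.2.30", "mail.example.net"),
                     ("192.0.2.40", "mail.example.invalid")]:
        print(ip, host, evaluate(ip, host))
```

The 192.0.2.20 row is the generic-PTR situation the post describes: it passes the existence check and fails the strict one.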
