[Mimedefang] OT: DNS sanity check

John Rudd john at rudd.cc
Wed Jul 4 21:30:11 EDT 2007


Jeff Rife wrote:
> On 4 Jul 2007 at 17:06, John Rudd wrote:
> 
>> Your counter-assertion against this behavior is completely unfounded.
>> There is nothing that says you MUST NOT nor SHOULD NOT reject based upon
>> the sender's bad DNS (the only prohibition that comes close is based
>> upon the sender's bad HELO).  A sender who doesn't have matching A and
>> PTR records is violating best practices.  It is perfectly reasonable to
>> reject a sender's email when you know they're violating best practices.
> 
> No, it's not "reasonable".  It's certainly allowed, but it's not at all 
> reasonable, because those same "best practices" that you are using as 
> your holy grail have also always said:
> 
>   "Be liberal in what you accept, and conservative in what you send"
> 
> Unless the lack of DNS (or lack of correct DNS) is a show-stopper in 
> your processing, I'd say that not rejecting e-mail based on a DNS 
> inconsistency is absolutely the most reasonable thing to do.

Given that the vast majority of those senders are generating spam 
and/or viruses, I think accepting all of them is far more than just "being 
liberal".  It's being naive to the point of being a doormat.  If this 
wasn't the case, then I would agree that it's better to err on the side 
of giving them the benefit of the doubt ... but the current state of the 
net makes that an inappropriate decision.

However, I don't reject them on that basis alone.  I mark them as spam 
on that basis alone (5 points in SA).  I only reject when the SA score 
is 10+.
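
Added example, not part of the original post and not MIMEDefang or SpamAssassin code: a sketch of the check and scoring policy the message describes, where a sending IP whose PTR name does not resolve back to the same IP adds 5 points and rejection happens only at a total of 10 or more. The function names, the tag threshold of 5 (SpamAssassin's default required_score) and the sample zone data are assumptions made for illustration.

```python
import ipaddress
import socket

DNS_MISMATCH_POINTS = 5.0  # from the post: 5 SA points for bad DNS
REJECT_AT = 10.0           # from the post: reject only at 10+
TAG_AT = 5.0               # assumption: SpamAssassin's default required_score

def system_ptr(ip):
    """PTR names for ip via the system resolver; [] on any lookup failure."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA addresses for name via the system resolver; [] on failure."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns_ok(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """True if at least one PTR name of ip resolves back to the same ip."""
    want = ipaddress.ip_address(ip)
    for name in ptr_lookup(ip):
        for addr in forward_lookup(name.rstrip(".")):
            try:
                if ipaddress.ip_address(addr) == want:
                    return True
            except ValueError:  # e.g. scoped IPv6 literal; cannot match
                continue
    return False

def verdict(ip, other_score, **lookups):
    """Add the DNS penalty to the score from other rules, then decide."""
    score = other_score + (0.0 if fcrdns_ok(ip, **lookups) else DNS_MISMATCH_POINTS)
    action = "reject" if score >= REJECT_AT else "tag" if score >= TAG_AT else "deliver"
    return score, action

# Constructed sample zone data (documentation address ranges), not real hosts.
SAMPLE_PTR = {"192.0.2.10": ["mail.example.net."], "198.51.100.7": ["host7.example.org."]}
SAMPLE_A = {"mail.example.net": ["192.0.2.10"], "host7.example.org": ["203.0.113.9"]}
SAMPLE = {"ptr_lookup": lambda ip: SAMPLE_PTR.get(ip, []),
          "forward_lookup": lambda name: SAMPLE_A.get(name, [])}

if __name__ == "__main__":
    for ip, base in [("192.0.2.10", 1.0), ("198.51.100.7", 2.0), ("198.51.100.7", 5.5)]:
        print(ip, base, verdict(ip, base, **SAMPLE))
```

With the constructed data, a mismatched sender that other rules score at 2.0 is tagged but still accepted, and is rejected only once other rules contribute at least 5 more points.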



