[Mimedefang] OT: DNS sanity check

John Rudd john at rudd.cc
Fri Jul 6 12:01:49 EDT 2007


Jeff Rife wrote:
> On 5 Jul 2007 at 12:01, John Rudd wrote:
> 
>>> Look at the messages that are being rejected solely because of the 
>>> extra 5 points you score for bad DNS.  I'm willing to bet that this is 
>>> a very small number of messages.
>> It's not.  Further, it means that the message had to be both spammy 
>> enough to score a 5 on its own, AND come from a host with poorly managed 
>> DNS.  That really does narrow down the field.
> 
> You still misunderstand.
> 
> Count the number of messages that you reject *solely* because of the 
> bad DNS check.  If you can't figure out how to do this, you will always 
> misunderstand.  If you do figure it out, you will see that the number 
> is much smaller than you believe.

No, I do understand. You're just wrong.  I do get those statistics in a 
nightly report.  The rate you're talking about varies between 25% and 
50% (yesterday was 40%) of all of the ones that were rejected.  And of 
last night's 40%, none were false positives.

(the "flagged for no ptr record at all, and rejected for a score between 
10 and 15" group was 15%)

Don't assume that because I don't come to the same conclusion that you 
do that I don't understand.  That's just condescending.


> Configured not to be null...yes.  Configured so that reverse and 
> forward mappings match up...not nearly as often as you think.  For 
> example, mine would fail that test because I have an ISP that won't 
> change reverse DNS. 

That doesn't mean you can't have matching forward and reverse entries.

You could have:

myhost.example.com     IN   A    W.X.Y.Z
Z.Y.X.W.in-addr.arpa   IN   PTR  isphost.isp.net
isphost.isp.net        IN   A    W.X.Y.Z

Now you've got both a personal/customized domain, AND matching PTR and A 
records, even though the ISP won't customize your PTR record.
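
Added example, not part of the original message and not MIMEDefang code: a forward-confirmed reverse DNS check that separates the "no PTR at all" case from the "PTR and A do not match" case discussed above. The resolver `zone_lookup`, the addresses and the `*.example` names are constructed placeholders so the check runs offline.

```python
import ipaddress

# Constructed zone data mirroring the records in the message above
# (192.0.2.25 and the *.example names are placeholders, not from the post).
ZONE = {
    ("myhost.example.com", "A"): ["192.0.2.25"],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["isphost.isp.example."],
    ("isphost.isp.example", "A"): ["192.0.2.25"],
    # A host whose PTR names something that does not resolve back to it.
    ("77.2.0.192.in-addr.arpa", "PTR"): ["mail.other.example."],
    ("mail.other.example", "A"): ["198.51.100.9"],
}


def zone_lookup(name, rtype):
    """Hypothetical offline resolver: returns a list of records, or []."""
    return ZONE.get((name.rstrip(".").lower(), rtype), [])


def fcrdns(ip, lookup=zone_lookup):
    """Classify a connecting IP as 'no_ptr', 'mismatch' or 'match'.

    'match' means at least one PTR name has an A/AAAA record that
    contains the original address (forward-confirmed reverse DNS).
    """
    addr = ipaddress.ip_address(ip)
    ptr_names = lookup(addr.reverse_pointer, "PTR")
    if not ptr_names:
        return "no_ptr"
    rtype = "A" if addr.version == 4 else "AAAA"
    for name in ptr_names:
        for fwd in lookup(name, rtype):
            try:
                if ipaddress.ip_address(fwd) == addr:
                    return "match"
            except ValueError:
                continue  # ignore malformed forward data
    return "mismatch"


if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.77", "192.0.2.99"):
        print(ip, fcrdns(ip))
```

The first address passes even though its PTR names the ISP's host rather than the custom domain, which is the arrangement the message describes.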




