[192486] in North American Network Operators' Group
RE: IPv6 automatic reverse DNS
daemon@ATHENA.MIT.EDU (Keith Medcalf)
Sat Oct 29 11:45:00 2016
X-Original-To: nanog@nanog.org
Date: Sat, 29 Oct 2016 09:44:55 -0600
In-Reply-To: <2EFB5469-E3E5-4E00-A4B3-88C5FE8AA00A@blighty.com>
From: "Keith Medcalf" <kmedcalf@dessus.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Cc: Steve Atkins <steve@blighty.com>
Errors-To: nanog-bounces@nanog.org
On Friday, 28 October, 2016 19:37, Steve Atkins <steve@blighty.com> wrote:
> > On Oct 28, 2016, at 6:04 PM, Karl Auer <kauer@biplane.com.au> wrote:
> >> 1b) anti spam filters believe in the magic of checking
> >> forward/reverse match.
> > Someone in this thread said that only malware-infested end-users are
> > behind IP addresses with no reverse lookup. Well - no. As long as we
> > keep telling anyone who isn't running a full-bore commercial network to
> > "consume, be silent, die", we are holding everyone back, including
> > ourselves.
> If you send mail over IPv6 from an address with no reverse DNS you
> will see quite a lot of this sort of thing:
> 550 5.7.1 [*] Our system has detected that this message
> 5.7.1 does not meet IPv6 sending guidelines regarding PTR records and
> 5.7.1 authentication. Please review
> 5.7.1 https://support.google.com/mail/?p=3Dipv6_authentication_error for
> more
> 5.7.1 information.
> > It's fine to use no-reverse-lookup as a component of a spamminess
> > score. It's not OK to use it as proof of spamminess.
> People running large mailservers made that decision some time
> ago. Disagreeing with them won't make them accept your email.
Actually, it was *long* before that. I think it is STD 1 or STD 2 -- requi=
rements for connecting a host to the internet. All "deliberate" Internet h=
osts performing useful functions should have matching forward and reverse D=
NS and should expect to be labelled as "untrustworthy in the extreme" if th=
ey do not. Assigning meaning to the resolved DNS name (embeded parts) is w=
hat came much later.
