[45928] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

RE: Reverse DNS and SMTP

daemon@ATHENA.MIT.EDU (Daniel Lark)
Thu Feb 28 15:35:51 2002

Reply-To: <dlark@elmresources.com>
From: "Daniel Lark" <dlark@elmresources.com>
To: "'Patrick Muldoon'" <doon@inoc.net>, <nanog@merit.edu>
Date: Thu, 28 Feb 2002 13:35:09 -0700
Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAS1TF+qltvxGKivZSt6IHk8KAAAAQAAAACK21kwBTCkuXt5tqC5fvFwEAAAAA@elmresources.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-reply-to: <00e901c1c094$93437910$7000000a@DOON>
Errors-To: owner-nanog-outgoing@merit.edu


You are most correct, it is definitely a double edged sword. Let's say
you try to reverse DNS on an address who's nameserver is down or
otherwise unreachable, what then? Some admins I know deliberately do run
reverse DNS as they view it as system cracker tool, or they feel it is
an unwarranted load, RFCs be damned. Is this admin decision the fault of
the user?

You are not first one to try this. I have tried this myself and a
financial type didn't get an important email because of it. You know the
rest of the story.

A better solution is to check the ip and see if it is an MX record for
the domain the mail purports to be from.

Just my opinion, and I could wrong.

-dan

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
Patrick Muldoon
Sent: Thursday, February 28, 2002 1:15 PM
To: nanog@merit.edu
Subject: Reverse DNS and SMTP


	We have recently implemented a policy on our mail servers of not
accepting mail from hosts that do not correctly resolve via reverse DNS.
While we on the technical side love the idea, there have been some
questions from the business side of the house.  

	If an ISP who doesn't have reverse DNS setup correctly on their
mail servers, we point them to the RFC's and generally offer to help
them correct it.  
	We have noticed that our spam has reduced drastically, and the
complaints are few, but alas this is a double edged sword, where if you
even block 1 legitimate e-mail out of the 100K+ that we receive daily,
someone is going to complain.   

Just curious if anybody here is doing the same and the response that
they have had from doing so.  Replies off list are fine and I will
summarize if people are interested.  

Thanks, 
Patrick

--
Patrick Muldoon, Network/Software Engineer
INOC, LLC
doon@inoc.net

Press Ctrl-Alt-Del now for IQ test.




home help back first fref pref prev next nref lref last post