[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The anti-abuse rDNS check that FTP gave up
On 05/10/2011 16:28, Storz, Michael wrote:
Another name for the iprev test is "Forward Confirmed reverse DNS" (FCrDNS). With Postfix you configure it with the two commands
We use this check since years as our first defense against botnet spam with great success. In the last 7 days we rejected emails for nearly 22.000.000 recipients. 49% did not have a PTR record, 29% did not have a matching A record.
Where does RFC 5321 say that a sending MTA needs a PTR record? (or even
an A record?)
If it doesn't, then the lack of a PTR record does not indicate that the
MTA is 'wrongly configured'.
Failing FCrDNS shouldn't be sufficient to reject mail. Lots of MTAs
can't have a 'correct' reverse DNS entry, even if they have one at all.
Use valid FCrDNS as a way of validating whitelist entries, but surely
not for more than that.