On Oct 23, 2014, at 7:23 AM, Mwendwa Kivuva <kiv...@transworldafrica.com> wrote: > and given the weakness of the Reverse DNS access for security purposes, what > problem is this draft trying to solve? If we need to find the host that has > sent an email associated with an address, would we better let DKIM address > that without a separate lookup in the receiving server? DKIM detects email > spoofing by using digital signature allowing receiving mail exchangers to > check that incoming mail from a domain is authorized by that domain's > administrators.
For me at least the main values of the reverse DNS are: - answers the question "what host is contacting me" in situations where I am _not_ under attack, which is really useful in logs and other debugging and network management settings. - provides place to hang information relating to a host's IP address DKIM is a solution that is applicable only to a specific protocol, so it can't address this in a general way. Like you I would like to see the end of the use of reverse lookups for "security," but reverse lookups are still useful. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop