My 2 cents... The presence or absence of a PTR record is, to me, like a reverse-DNS Literacy Test.

History records that Literacy Tests didn't fare too well, as voting requirements, in the "real" (non-IT) world. In fact, they were just thin pretexts for racial bigotry, recognized as such, and eradicated. http://en.wikipedia.org/wiki/Literacy_test#voting

Do we think that a reverse-DNS Literacy Test will fare any better, as a way to ensure that only "fine, upstanding, properly-complected" TCP/IP-capable devices send mail?

I'm all for combatting spam, and I'm all for populating reverse DNS, where it makes sense for certain device classes or types, but I just don't see the value of linking those things together. It's a bad marriage.

Lastly, what causes us, as a private enterprise, more heartburn in practice, is not missing PTRs, but *mismatched* PTRs (the RDATA of the PTR resolves to a *different* A/AAAA record). The compulsive drive to machine-generate PTRs, combined with sloppy maintenance processes and controls, actually exacerbates *that* problem. It would actually be better "if you can't do it right, then don't do it at all", with respect to PTR-record creation, among many of our hosting providers.

- Kevin

-----Original Message-----
From: DNSOP [mailto:[email protected]] On Behalf Of Paul Vixie
Sent: Thursday, May 14, 2015 4:31 AM
To: Shane Kerr
Cc: [email protected]
Subject: Re: [DNSOP] Rejecting Practice for Theory (was Re: relax the requirement for PTR records?)

Shane Kerr wrote:
> ...
>
> However, as far as I can tell everyone insisting that PTR is important
> is arguing that the world would be a better place if every endpoint on
> the Internet was equal.

if by "equal" you mean "so expensive that it won't be an open relay, won't get infected with relaying malware, will be monitored, will be upgraded, and its owner will accept complaints about it" then yes i'd argue that the world would be a better place if every endpoint on the internet was "equal". however, it ain't so, and ain't ever gonna be so. most devices are cheap, mobile, proprietary shankware.

IoT is going to accelerate that trend unimaginably (unless you have an exquisitely dark imagination.)

so, given that endpoints aren't equal, and that by sheer mass of numbers, most endpoints are dangerous to themselves and others, i'd like some method by which i, as an SMTP responder, can tell the difference. lack of PTR, and machine-generated PTR, are pretty good telltales, just expensive in the case of machine-generated. any rules change should either make that situation better, or at minimum, not make it worse.

but i think i'm offering a minor summary-correction, in that i'm not arguing for endpoint equality. rather, i'm arguing that in the proved absence of such equality, we have other steps we MUST take as receivers. ("be liberal in what you accept" stopped being a good idea in 1995 or so when commercialization/privatization took hold.)

--
Paul Vixie

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
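The distinction Kevin draws between a missing PTR and a mismatched one (PTR RDATA that resolves to a different A/AAAA) is what a receiver's forward-confirmed reverse DNS check tests for. The following is an added example, not code from the thread or from any listed project; it replaces live DNS queries with constructed reverse and forward tables (`PTR_RECORDS`, `FORWARD_RECORDS`, all addresses and names invented), keyed by the same `.arpa` owner names a resolver would query.

```python
import ipaddress

# Constructed sample DNS data for this example (no real hosts). The reverse
# table is keyed by the in-addr.arpa / ip6.arpa owner name, as a resolver
# would look it up; ip_address().reverse_pointer builds that name for us.
def _rev(ip):
    return ipaddress.ip_address(ip).reverse_pointer

PTR_RECORDS = {
    _rev("10.0.0.25"): "mail.example.test",     # PTR that forward-confirms
    _rev("10.0.0.26"): "smtp.example.test",     # PTR whose name resolves elsewhere
    _rev("2001:db8::25"): "mail6.example.test", # IPv6 sender, confirms
    # 10.0.0.27 deliberately has no PTR at all
}
FORWARD_RECORDS = {                             # A/AAAA RDATA per name
    "mail.example.test": {"10.0.0.25"},
    "smtp.example.test": {"10.0.0.99"},         # does not include 10.0.0.26
    "mail6.example.test": {"2001:DB8::25"},     # mixed case on purpose
}

def lookup_ptr(ip):
    """Return the PTR target for ip from the constructed reverse table, or None."""
    return PTR_RECORDS.get(_rev(ip))

def lookup_forward(name):
    """Return the A/AAAA addresses for name as normalised ip_address objects."""
    return {ipaddress.ip_address(a) for a in FORWARD_RECORDS.get(name, set())}

def classify_sender(ip):
    """Forward-confirmed reverse DNS check for one connecting address.

    Returns (verdict, ptr_name) where verdict is one of:
      'missing'    - no PTR record for the address
      'mismatched' - PTR exists, but its name does not resolve back to ip
      'confirmed'  - PTR name has an A/AAAA record equal to ip
    """
    addr = ipaddress.ip_address(ip)
    ptr_name = lookup_ptr(ip)
    if ptr_name is None:
        return "missing", None
    if addr in lookup_forward(ptr_name):
        return "confirmed", ptr_name
    return "mismatched", ptr_name

if __name__ == "__main__":
    for sender in ("10.0.0.25", "10.0.0.26", "10.0.0.27", "2001:db8::25"):
        verdict, name = classify_sender(sender)
        print(f"{sender:>14}  {verdict:<10}  {name or '-'}")
```

Address comparison goes through `ipaddress` objects rather than strings, so an AAAA record written in different case or with expanded zeros still confirms.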
