On 9/19/2016 4:29 PM, Dave Lugo wrote:
On Mon, 19 Sep 2016, Mike Tubby wrote:
There is no 'law' that says your reverse DNS must work and its simply
dangerous to use the heuristic no rDNS => High probability of SPAM.
I respectfully disagree. It's as dangerous as any other very effective
spam filtering method - high accuracy, low FPs.
Yes, you should have some way to override the missing rDNS check. But
rejecting on missing rDNS is mostly safe, in my opinion and experience.
My point is that there's nothing in any of the RFCs that says your
reverse DNS must work which is why we perform our checking against known
block lists such as SpamHaus et. al.
Our experience is that rDNS cannot be used reliably for several reasons
* multiple hosts behind load balancer
* mis-match between exact host and generic host like
"mx01a.megacorp.com" and "mx.megacorp.com"
* internal hosts calling out through firewalls, eg. host
MSEXCH01.internal.megacorp.com calls out through a firewall with a
public IP that either reverses to "fw.megacorp.com" or in case of some
organisations like the police is simply anonymous (no rDNS)
hence our experience is that it is dangerous to attribute lack of
correct rDNS to being SPAM, however YMMV ;-)
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/