>We had problems sending email to AOL and several others, and it came up
>that we do not have a PTR record. We contacted the agency that hosts our
>DNS and were told that "Some people prefer not to have them to provide a
>slightly increased level of security." What are the perceived security
>risks of having a PTR record? Pros and cons?

Technically, I believe the RFCs require them, but lots of people don't have
them. The main reason isn't security; the main reason is laziness: While
forward DNS is clearly necessary and can be figured out with a bit of work,
reverse DNS doesn't seem as necessary and is quite a bit more difficult to
figure out.

I've never heard of any security problems with having a reverse DNS
entry. The only issue I can think of is that if your server connects to
any other site, they can figure out based on your IP address what your
domain name is. And how is that bad? They can find out by connecting to
your SMTP server anyways. And, if they are curious enough to do a reverse
DNS lookup, they are likely going to know how to do a WHOIS on the IP
address (by going to http://www.declude.com/tools, for example) to find
out who you are.

And, as you have found out, some domains won't accept mail if there is no
reverse DNS entry. I think it is extreme to block mail based on that, but
it's probably about time for me to stop discussing mail filtering and
blocking and such. :)

-Scott
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
IMail. http://www.declude.com
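
Added example, not part of the original message: a self-check for the reverse DNS lookup discussed above, which a sending site can run against its own mail server address. It goes one step beyond the thread by also confirming that the PTR name resolves back to the same address, a check some receivers add; the function names and the sample zone data are constructed for illustration.

```python
import ipaddress
import socket

def reverse_name(ip):
    """DNS name whose PTR record a receiving server queries for this address."""
    return ipaddress.ip_address(ip).reverse_pointer

def system_ptr(ip):
    """PTR lookup through the system resolver; empty list when no record exists."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host] + aliases
    except OSError:
        return []

def system_addrs(host):
    """Forward lookup through the system resolver; empty list on failure."""
    try:
        return sorted({ai[4][0].split("%")[0] for ai in socket.getaddrinfo(host, None)})
    except OSError:
        return []

def check_rdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Classify an address as 'no-ptr', 'ptr-only' or 'confirmed'.

    'confirmed' means at least one PTR name resolves forward to the same address.
    """
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return ("no-ptr", [])
    target = ipaddress.ip_address(ip)
    confirmed = [n for n in names
                 if any(ipaddress.ip_address(a) == target for a in addr_lookup(n))]
    return ("confirmed", confirmed) if confirmed else ("ptr-only", names)

# Constructed sample zone data (documentation address ranges, not real hosts).
SAMPLE_PTR = {"192.0.2.10": ["mail.example.com."], "192.0.2.20": ["host20.example.net."]}
SAMPLE_A = {"mail.example.com": ["192.0.2.10"], "host20.example.net": ["198.51.100.7"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_addrs(host):
    return SAMPLE_A.get(host, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, reverse_name(ip), *check_rdns(ip, sample_ptr, sample_addrs))
```

Calling `check_rdns` with only an address uses the system resolver instead of the sample data.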