>At this point I don't want to insist on it, but reward connections coming
>from a properly configured SPF/DMP mta.

SPF is a domain anti-forgery tactic.

> > SPF/DMP is great because the records are only in the forward zone,
> > so mail servers that can't set up correct PTR can "escape" their PTR
> > problems by setting up SPF/DMP records.
>
>Exactly what I'm wanting to make use of.
>
> > To repeat an earlier point about using DNS records for validation:
> > AOL rejects inbound mail with single criteria of no PTR,
> > but how many of you are doing the same?
>
>Not there yet, still on my wish-i-could list.
>Unfortunately users love to just "abandon" the better service to get their
>mail rather than help resolve rejects
>
> > So are we now saying we will not/cannot reject mail from PTR-less IPs,
> > but we will reject mail for SPF/DNP-less domains?
>
>No, don't want to reject for the lack of records, but I'd like to offer it
>as a way to bypass my FP rejects.

How will SPF records reduce reject of legit?

>My joker matches often catch companies on DSL/fractional circuits and I gave
>up trying to force everyone contacting me to fix their revdns and now my
>DUNNO lines are getting large.. Who knows how many are stale.

If the subscriber filter is too aggressive, it's probably too aggressive only
for US networks, but 100% accurate for non-US nets. So #comment the entire
subscriber networks for the nets that you are most commonly excepting with
DUNNO.

And/or try the helo_hostnames.regexp which will block a.b.c.d or a-b-c-d in
the HELO hostname.

If these "legit" jerks are both 1) on subscriber PTRs and 2) can't set up
their HELO hostname with non-IP value, ... screw em.

Len
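
The HELO check mentioned in the message above, as an added Python example; it is not part of the original post and is not the contents of the helo_hostnames.regexp file. It goes one step beyond the post by also comparing the embedded address with the connecting client IP (forward or octet-reversed). The function names, result labels and sample HELO strings are constructed for illustration.

```python
import ipaddress
import re

# Four decimal groups joined by the same separator (dot or dash), i.e.
# a.b.c.d or a-b-c-d, not glued to neighbouring digits.
_QUAD = re.compile(r"(?<!\d)(\d{1,3})([.-])(\d{1,3})\2(\d{1,3})\2(\d{1,3})(?!\d)")


def embedded_ipv4(helo):
    """Return the first IPv4 address spelled out inside a HELO name, or None."""
    for m in _QUAD.finditer(helo.lower()):
        octets = [int(m.group(i)) for i in (1, 3, 4, 5)]
        if all(o <= 255 for o in octets):  # skip digit runs that are not octets
            return ipaddress.IPv4Address(".".join(str(o) for o in octets))
    return None


def classify_helo(helo, client_ip=None):
    """Classify a HELO argument (labels are hypothetical, for this example)."""
    name = helo.strip()
    # A bracketed address literal is a valid HELO form, so report it separately.
    if name.startswith("[") and name.endswith("]"):
        return "address-literal"
    found = embedded_ipv4(name)
    if found is None:
        return "ok"
    if client_ip is not None:
        client = ipaddress.IPv4Address(client_ip)
        # Generated subscriber names often carry the octets in reverse order.
        flipped = ipaddress.IPv4Address(".".join(reversed(str(found).split("."))))
        if client in (found, flipped):
            return "ip-in-name-matches-client"
    return "ip-in-name"


if __name__ == "__main__":
    # Constructed samples: (HELO argument, connecting client IP).
    samples = [
        ("mail.example.com", "192.0.2.10"),
        ("192.0.2.25", "192.0.2.25"),
        ("host-192-0-2-25.dsl.example.net", "192.0.2.25"),
        ("25.2.0.192.dsl.example.net", "192.0.2.25"),
        ("[192.0.2.25]", "192.0.2.25"),
    ]
    for helo, ip in samples:
        print(f"{helo:40} {classify_helo(helo, ip)}")
```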
