Ben Kamen wrote:
Let me iterate that better as I knew after reading what I wrote that I
would get a response like you describe...

I'm not saying an ISP (let's use ComCast as an example) would need to list
DNS and NOT list rDNS or vice-versa....

In sendmail, DNS can match, not match (forged) or not exist (no Record).

ComCast could definitely use DHCP to update the DNS servers and
selectively so. So the A record could be static while the reverse could be
dynamic set on a different but still make-sense scheme for trouble
shooting.

To sendmail though, they wouldn't *match* and that would be the key. They
would still resolve forward and reverse with make-sense query answers, but
the A wouldn't match the PTR and that's what would be key to sendmail.

Maybe I haven't thought it all the way through, but that would be a nifty
thing to do for the spam problem.

Still, I don't see any big gain. As I said, viruses and worms would simply adapt. For example, they'll use ISP's mail server to relay. Most ISPs don't have virus scanners (too expensive). Another idea, they could carry a list of known open relays. Or relays could be set up specifically for them. They could update lists of relays to try from some IRC channel. Most of them already have the code to use IRC. So it wouldn't be difficult to implement this (couple of additional lines of code). This is just one idea. They could probably adapt in many more other ways. Lot of work, for no or very little gain.


BTW, back to the original question of using HELO argument for filtering. One thing to note is that using HELO for any kind of checks is highly discouraged. If not in SMTP related RFCs, then at least by the people who actually wrote and/or influenced those RFCs. Also, argument to HELO can be a name that exists only as MX record. It is perfectly legal. I don't remember seeing requirement that HELO argument must exist as A record in DNS (but I might be wrong here). Sendmail will do it if given right combination of masquerade options. And there's no standard saying that MX record must have matching A record (well, usually it can't). Actually, sites that do have matching A records have them not because of email, they added them for web users (so that www.foobar.com and foobar.com resolve to same IP, that can be, and often is, different than any of the IP addresses that MX records indirectly point to).

--
Aleksandar Milivojevic <[EMAIL PROTECTED]>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
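
The three lookup outcomes named in the quoted message (match, forged, no record) and the MX-only HELO case from the reply, as an added example that is not part of the original thread and is not sendmail or MIMEDefang code. It is a simplified forward-confirmed reverse DNS check; the lookup tables, host names, addresses and function names are constructed for illustration so that it runs without a resolver.

```python
# Constructed zone data using documentation names and addresses, not real DNS.
PTR = {
    "192.0.2.10": ["mail.example.net"],         # PTR name has an A back to the IP
    "192.0.2.77": ["cust-77.dyn.example.net"],  # PTR name resolves, but elsewhere
}
A = {
    "mail.example.net": ["192.0.2.10"],
    "cust-77.dyn.example.net": ["198.51.100.77"],
    "mx1.example.org": ["203.0.113.5"],
}
MX = {"example.org": ["mx1.example.org"]}       # example.org: MX only, no A record


def normalize(name):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return name.lower().rstrip(".")


def classify_client(ip, ptr=PTR, a=A):
    """Forward-confirm the reverse lookup of a connecting client IP.

    Returns 'no record' when the IP has no PTR, 'match' when some PTR name
    has an A record containing the IP, and 'forged' when PTR names exist
    but none of them leads back to the IP.
    """
    names = ptr.get(ip, [])
    if not names:
        return "no record"
    for name in names:
        if ip in a.get(normalize(name), []):
            return "match"
    return "forged"


def helo_name_status(name, a=A, mx=MX):
    """Report which record types exist for a HELO argument."""
    key = normalize(name)
    has_a, has_mx = key in a, key in mx
    if has_a and has_mx:
        return "A and MX"
    if has_a:
        return "A only"
    return "MX only" if has_mx else "none"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.77", "192.0.2.200"):
        print(ip, classify_client(ip))
    print("example.org", helo_name_status("example.org"))
```

A filter that required an A record for the HELO name would reject `example.org` here even though the name is valid for mail, which is the case the reply describes.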
