On 4/26/2005 09:58, James Ebright wrote:
> Hello all, this is a bit off topic but relevant.
>
> We finally decided it was probably time to implement AOL style reverse DNS
> checks into our MTA. Since AOL has been doing it now for something like 6
> months it is a pretty fair bet that most US customers that are legit have
> corrected their DNS issues... or so we thought!

I think AOL's approach to this is reasonable. It's not as strict as you might think. From what Carl said on the SPF list a while back, they check just for the existence of a PTR but not that it necessarily matches 100% with the MX/A record. For example, because we outsource DNS service to easydns and because our ISP's (SBC) policy is to not do custom PTR records unless they're doing the forward hosting also, we are stuck with just plain generic PTR records for our block (ip.addr.sbc.com etc...).

As an aside, I think Carl et al have done a great job at turning around one of the biggest spam problems of a few years ago. I remember when most spam I got came from AOL.

No problems sending to AOL so far. I'm sure there are lots of other people in the same boat. I guess if AOL changes to full reverse validation then we'll be forced to degrade our domain's DNS service level and host it all ourselves.

If you do strict reverse checking you'll definitely throw out valid mail. You'll just have to see if that's OK or how much BOFH you can get away with.

~Jason

--
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
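
The two policies compared in this message, as an added Python example that is not part of the original post or of MIMEDefang: a PTR-existence check next to a strict check. It assumes "strict" means the PTR name must be one of the sending domain's published mail hosts and that host's A record must point back at the relay; `classify_relay`, `accept` and the sample hosts are hypothetical names and constructed data.

```python
import socket

def system_reverse(ip):
    """PTR names for ip from the system resolver ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except (socket.herror, socket.gaierror):
        return []

def system_forward(name):
    """IPv4 A records for name from the system resolver ([] if none)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.herror, socket.gaierror):
        return []

def norm(name):
    # DNS names compare case-insensitively; drop the trailing root dot.
    return name.rstrip(".").lower()

def classify_relay(ip, mail_hosts, reverse=system_reverse, forward=system_forward):
    """Return 'no-ptr', 'ptr-only' or 'ptr-matches' for a connecting relay."""
    ptr_names = [norm(n) for n in reverse(ip)]
    if not ptr_names:
        return "no-ptr"
    wanted = {norm(h) for h in mail_hosts}
    for name in ptr_names:
        # Strict match: PTR names a published mail host whose A record is this IP.
        if name in wanted and ip in forward(name):
            return "ptr-matches"
    return "ptr-only"  # e.g. a generic ISP-assigned PTR

def accept(result, strict):
    """Lenient policy needs any PTR; strict policy needs a full match."""
    return result == "ptr-matches" if strict else result != "no-ptr"

# Constructed sample data (documentation address ranges, not real hosts).
PTR = {"192.0.2.25": ["192-0-2-25.dsl.isp.example."],
       "198.51.100.7": ["mail.example.net."]}
A = {"mail.example.org": ["192.0.2.25"], "mail.example.net": ["198.51.100.7"]}

def demo():
    cases = [("192.0.2.25", ["mail.example.org"]),    # generic PTR from the ISP
             ("198.51.100.7", ["mail.example.net"]),  # custom PTR matches mail host
             ("203.0.113.9", ["mail.example.com"])]   # no PTR at all
    out = []
    for ip, hosts in cases:
        r = classify_relay(ip, hosts, lambda i: PTR.get(i, []), lambda n: A.get(n, []))
        out.append((ip, r, accept(r, strict=False), accept(r, strict=True)))
    return out
```

The first constructed relay is the outsourced-DNS case from the message: it passes the existence check and is rejected only under the strict policy.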

