It's a one way correlation. If the rDNS is busted, you can be pretty
sure you don't want the mail. If the rDNS is OK, you need more clues.
Pretty sure, but far from certain.
Even this one-way correlation is rather tenuous. It’s mostly harmless because
everyone knows that mail servers are filtering on this basis and legitimate
senders therefore force themselves into workarounds.
Having talked to a lot of people who run large mail systems, it's much
simpler than that. If you want people to accept your mail, you better
have your DNS under control. If it's not important enough to you to make
your DNS work, it's not important enough to me to look at what you might
try to send.
Fortunately for everyone’s sake, Bj0rn, while he may not like it, seems to find
a way to send his email via some mechanism that allows me to receive it from
a host that has working rDNS.
Yeah, funny about that.
Spamassassin is as good an example as any and while it can be effective if
you’ve
got the cycles to keep it constantly updated and fed with new information and…,
it’s a rather large PITA for a small site with an admin that needs to count on
most things running on autopilot most of the time in order to survive.
That would be me, a daily cron job to install updates does the trick.
It's not perfect but it's good enough.
People who want to be malicious are usually less willing to do so if they know
that
they will be identified, so actually, it does help.
i.e. rarely to bank robbers sign their names to the robbery note.
Of course not. What it means is that now they attack the authentication
systems. They do so in many ways, from stealing grandma's credentials on
botted computers to buying SIMs in bulk to defeat schemes that want to tie
a unique phone number to each account.
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
