On 8 May 2013 at 3:03, Stan Hoeppner wrote:

> On 5/7/2013 5:36 PM, /dev/rob0 wrote:
> ...
> > Peter has explained this: you indeed seem to have FCrDNS, just not
>
> Maybe my understanding of the definition of Forward Confirmed reverse
> DNS is incorrect. I thought the definition of FCrDNS is that the
> forward and reverse names not only exist but also match. Apparently
> they both must simply exist.

Your initial understanding is correct. FCrDNS is commonly associated with reverse and forward lookup results that are "in agreement", as described in RFC 5451 for the "iprev" message header field (see section 2.4.3. "iprev" Results).

At least one of the returned names from the reverse lookup must resolve back to the IP:

1.2.3.4 -> host.example.com [ host2.example.com, host.other.co.uk... ]
host.example.com [ || host2.example.com || host.other.co.uk... ] -> 1.2.3.4
= pass.

However, RFC 5451 can be paraphrased thus: "iprev" is a nice idea in theory, but not recommended as a practical global authentication method.

For public facing MXs that expect to receive emails from almost anywhere: Regional and corporate variations in rDNS implementation currently render FCrDNS impractical as a primary client rejection method.

Mark
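
The check described in the message above, as an added example that is not part of the original thread: a client IP passes when at least one name from its reverse lookup resolves forward to that same IP. The zone data, the reverse_lookup/forward_lookup stand-ins and the "no-ptr" label are assumptions made for this sketch so that it runs offline; swap in real PTR and A/AAAA queries to use it against live DNS.

```python
import ipaddress

# Constructed sample data using documentation address ranges; not real DNS records.
PTR = {
    "192.0.2.10": ["host.example.com.", "host2.example.com."],
    "192.0.2.20": ["mail.example.net."],
    "2001:db8::1": ["v6.example.org."],
}
ADDR = {
    "host.example.com.": ["192.0.2.99"],      # name exists, points elsewhere
    "host2.example.com.": ["192.0.2.10"],     # confirms the client IP
    "mail.example.net.": ["198.51.100.7"],    # name exists, points elsewhere
    "v6.example.org.": ["2001:0db8:0000:0000:0000:0000:0000:0001"],
}

def reverse_lookup(ip):
    """Hypothetical stand-in for a PTR query; returns a list of names."""
    return PTR.get(ip, [])

def forward_lookup(name):
    """Hypothetical stand-in for an A/AAAA query; returns a list of addresses."""
    return ADDR.get(name.lower(), [])

def fcrdns(ip, reverse=reverse_lookup, forward=forward_lookup):
    """Return (result, confirmed_names) for a connecting client IP.

    result is "pass" if any PTR name resolves back to the client IP,
    "fail" if PTR names exist but none resolves back, and "no-ptr"
    (this example's own label) if the reverse lookup returned nothing.
    """
    client = ipaddress.ip_address(ip)
    names = reverse(str(client))          # str() gives the canonical text form
    if not names:
        return "no-ptr", []
    # Compare parsed addresses, not strings, so differently written
    # IPv6 forms of the same address still match.
    confirmed = [
        name for name in names
        if any(ipaddress.ip_address(a) == client for a in forward(name))
    ]
    return ("pass" if confirmed else "fail"), confirmed

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "2001:DB8::1", "203.0.113.5"):
        print(ip, *fcrdns(ip))
```

The second sample address shows the case raised in the quoted question: both a reverse and a forward record exist, but they do not agree, so the result is "fail".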