Re: [mailop] United Airlines / mileageplus DNS/rDNS mismatch issue

[Bill Cole via mailop]

On 2023-05-09 at 16:17:57 UTC-0400 (Tue, 9 May 2023 20:17:57 +)
Gellner, Oliver via mailop 
is rumored to have said:

I’d be surprised if there are many members on this list whose 
systems do not penalize connections from IP addresses without a fully 
confirmed reverse DNS entry one way or the other. Maybe I‘m wrong, 
but then I‘d like to hear from them.


I do not penalize such connections, in part because the systems I manage 
are hypersensitive to rejecting MS365 mail.


Also because it isn't useful. It IS useful to reject clients with no PTR 
and to match some name patterns in PTR results that are "generic."



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] United Airlines / mileageplus DNS/rDNS mismatch issue

[Atro Tossavainen via mailop]

> I think we have to disagree here.  The PTR naming is set via
> SendGrid. It doesn't NEED to be the same as the A record. This is
> for those MTA's that do forward/reverse matching, which isn't always
> successful.
> 
> Yes, doing that for a IPv6 email address to satisfy Google, go ahead.
> 
> But nothing wrong with sending an email from a PTR with a name, that
> doens't have the FQDN forward/reverse matched.

RFC 1912 #2.1

It is 27 years old.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] United Airlines / mileageplus DNS/rDNS mismatch issue

[Gellner, Oliver via mailop]

> On 09.05.2023 at 20:46 Michael Peddemors via mailop wrote:
>
> But nothing wrong with sending an email from a PTR with a name, that doens't 
> have the FQDN forward/reverse matched.
>
> As long as there is a URL associated with the domain name.
>
> eg. http://mileageplus.com (Redirect to UA site URL)

Without an A record that maps back to the IP address, there is no direct way 
for the receiver to verify whether the PTR entry is legitimate. Everyone can 
create a PTR record for his own IP address that resolves to mileageplus.com or 
google.com.

I’d be surprised if there are many members on this list whose systems do not 
penalize connections from IP addresses without a fully confirmed reverse DNS 
entry one way or the other. Maybe I‘m wrong, but then I‘d like to hear from 
them.

—
BR Oliver



dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
Telefon 0721 5592-2500 Telefax 0721 5592-2777
dmt...@dm.de * www.dmTECH.de
GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher

Datenschutzrechtliche Informationen
Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser 
ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in 
Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich 
bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter 
anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie 
die Kontaktdaten unserer Datenschutzbeauftragten finden Sie 
hier.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] United Airlines / mileageplus DNS/rDNS mismatch issue

[Michael Peddemors via mailop]

Yeah.. always take stats with a grain of salt..

Besides, we know that spammers adopt these things faster than real 
companies.. hehehe..


But the ones that don't have it (fcRdns) are often the emails that 
people scream the most about missing.


oaky, going back to looking at the threat research stuff.. I have been 
amiss with sending my state of the union reports the last couple of weeks.




On 2023-05-09 12:18, Tobias Fiebig via mailop wrote:

Heho,

hm, not sure. Looking at the 'email-security-scans.org' data, fcrdns is
at ~95.5% of senders. For comparison:

DKIM: ~55.2%
SPF & Valid: ~91.0%
TLS: ~96.0%
Greylisting (attempting to resend): ~97.4%
IPv4: ~97.9%
IPv6 (sending): 56.2%
IPv6 (sending+auth DNS+rec DNS): ~35.7%

So even though that sample is a bit biased, i'd say that fcrDNS is more
'lived practice' than SPF. ;-)

With best regards,
Tobias

On Tue, 2023-05-09 at 11:40 -0700, Michael Peddemors via mailop wrote:

Hi Laura,

I think we have to disagree here.  The PTR naming is set via
SendGrid.
It doesn't NEED to be the same as the A record. This is for those
MTA's
that do forward/reverse matching, which isn't always successful.

Yes, doing that for a IPv6 email address to satisfy Google, go ahead.

But nothing wrong with sending an email from a PTR with a name, that
doens't have the FQDN forward/reverse matched.

As long as there is a URL associated with the domain name.

eg. http://mileageplus.com (Redirect to UA site URL)

Perfect forward/reverse FQDN matching is still a little aggressive
IMHO,
and especially problematic.  Some people think they need 20 PTR
records,
one for each A record.. (No, that is worse)

Postfix does allow forward/reverse checking, I would NOT enable that
for
the IPv4 space (yet)

On 2023-05-09 10:22, Laura Atkins via mailop wrote:

That’s a Sendgrid IP, they likely told UA to put in a DNS record,
but UA
never did. ¯\_(ツ)_/¯ n


On 9 May 2023, at 18:01, Stephen Frost via mailop

wrote:

Greetings,

I'm getting some inbound email attempts that I believe are
legitimate
from United Airlines that are being rejected due to:

May  9 12:55:38 tamriel postfix/smtpd[1221960]: warning: hostname
o1.email.smallbusiness.mileageplus.com does not resolve to
address
50.31.61.242

Tracking this back, near as I can tell, postfix is correct here
in that
50.31.61.242 / 242.61.31.50.in-addr.arpa resolves to
o1.email.smallbusiness.mileageplus.com but
o1.email.smallbusiness.mileageplus.com doesn't seem to actually
exist:

dig o1.email.smallbusiness.mileageplus.com a

;o1.email.smallbusiness.mileageplus.com.IN A

;; AUTHORITY SECTION:
smallbusiness.mileageplus.com. 600 INSOA
vndcdf-fs-gma3-vip.ual.com. ualipconfig.united.com. 40 10800
3600
2592000 600

Hopefully someone on here is from UA or knows how to get in touch
with
someone there who could like into fixing that.

Thanks,

Stephen
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


--
The Delivery Experts

Laura Atkins
Word to the Wise
la...@wordtothewise.com

Email Delivery Blog: http://wordtothewise.com/blog







___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop





___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] United Airlines / mileageplus DNS/rDNS mismatch issue

[Tobias Fiebig via mailop]

Heho,

hm, not sure. Looking at the 'email-security-scans.org' data, fcrdns is
at ~95.5% of senders. For comparison:

DKIM: ~55.2%
SPF & Valid: ~91.0%
TLS: ~96.0%
Greylisting (attempting to resend): ~97.4%
IPv4: ~97.9%
IPv6 (sending): 56.2%
IPv6 (sending+auth DNS+rec DNS): ~35.7%

So even though that sample is a bit biased, i'd say that fcrDNS is more
'lived practice' than SPF. ;-)

With best regards,
Tobias 

On Tue, 2023-05-09 at 11:40 -0700, Michael Peddemors via mailop wrote:
> Hi Laura,
> 
> I think we have to disagree here.  The PTR naming is set via
> SendGrid. 
> It doesn't NEED to be the same as the A record. This is for those
> MTA's 
> that do forward/reverse matching, which isn't always successful.
> 
> Yes, doing that for a IPv6 email address to satisfy Google, go ahead.
> 
> But nothing wrong with sending an email from a PTR with a name, that 
> doens't have the FQDN forward/reverse matched.
> 
> As long as there is a URL associated with the domain name.
> 
> eg. http://mileageplus.com (Redirect to UA site URL)
> 
> Perfect forward/reverse FQDN matching is still a little aggressive
> IMHO, 
> and especially problematic.  Some people think they need 20 PTR
> records, 
> one for each A record.. (No, that is worse)
> 
> Postfix does allow forward/reverse checking, I would NOT enable that
> for 
> the IPv4 space (yet)
> 
> On 2023-05-09 10:22, Laura Atkins via mailop wrote:
> > That’s a Sendgrid IP, they likely told UA to put in a DNS record,
> > but UA 
> > never did. ¯\_(ツ)_/¯ n
> > 
> > > On 9 May 2023, at 18:01, Stephen Frost via mailop
> > >  
> > > wrote:
> > > 
> > > Greetings,
> > > 
> > > I'm getting some inbound email attempts that I believe are
> > > legitimate
> > > from United Airlines that are being rejected due to:
> > > 
> > > May  9 12:55:38 tamriel postfix/smtpd[1221960]: warning: hostname
> > > o1.email.smallbusiness.mileageplus.com does not resolve to
> > > address 
> > > 50.31.61.242
> > > 
> > > Tracking this back, near as I can tell, postfix is correct here
> > > in that
> > > 50.31.61.242 / 242.61.31.50.in-addr.arpa resolves to
> > > o1.email.smallbusiness.mileageplus.com but
> > > o1.email.smallbusiness.mileageplus.com doesn't seem to actually
> > > exist:
> > > 
> > > dig o1.email.smallbusiness.mileageplus.com a
> > > 
> > > ;o1.email.smallbusiness.mileageplus.com.IN A
> > > 
> > > ;; AUTHORITY SECTION:
> > > smallbusiness.mileageplus.com. 600 INSOA 
> > > vndcdf-fs-gma3-vip.ual.com. ualipconfig.united.com. 40 10800
> > > 3600 
> > > 2592000 600
> > > 
> > > Hopefully someone on here is from UA or knows how to get in touch
> > > with
> > > someone there who could like into fixing that.
> > > 
> > > Thanks,
> > > 
> > > Stephen
> > > ___
> > > mailop mailing list
> > > mailop@mailop.org
> > > https://list.mailop.org/listinfo/mailop
> > 
> > -- 
> > The Delivery Experts
> > 
> > Laura Atkins
> > Word to the Wise
> > la...@wordtothewise.com
> > 
> > Email Delivery Blog: http://wordtothewise.com/blog
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > ___
> > mailop mailing list
> > mailop@mailop.org
> > https://list.mailop.org/listinfo/mailop
> 
> 

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] United Airlines / mileageplus DNS/rDNS mismatch issue

[Michael Peddemors via mailop]

Hi Laura,

I think we have to disagree here.  The PTR naming is set via SendGrid. 
It doesn't NEED to be the same as the A record. This is for those MTA's 
that do forward/reverse matching, which isn't always successful.


Yes, doing that for a IPv6 email address to satisfy Google, go ahead.

But nothing wrong with sending an email from a PTR with a name, that 
doens't have the FQDN forward/reverse matched.


As long as there is a URL associated with the domain name.

eg. http://mileageplus.com (Redirect to UA site URL)

Perfect forward/reverse FQDN matching is still a little aggressive IMHO, 
and especially problematic.  Some people think they need 20 PTR records, 
one for each A record.. (No, that is worse)


Postfix does allow forward/reverse checking, I would NOT enable that for 
the IPv4 space (yet)


On 2023-05-09 10:22, Laura Atkins via mailop wrote:
That’s a Sendgrid IP, they likely told UA to put in a DNS record, but UA 
never did. ¯\_(ツ)_/¯ n


On 9 May 2023, at 18:01, Stephen Frost via mailop  
wrote:


Greetings,

I'm getting some inbound email attempts that I believe are legitimate
from United Airlines that are being rejected due to:

May  9 12:55:38 tamriel postfix/smtpd[1221960]: warning: hostname 
o1.email.smallbusiness.mileageplus.com does not resolve to address 
50.31.61.242


Tracking this back, near as I can tell, postfix is correct here in that
50.31.61.242 / 242.61.31.50.in-addr.arpa resolves to
o1.email.smallbusiness.mileageplus.com but
o1.email.smallbusiness.mileageplus.com doesn't seem to actually exist:

dig o1.email.smallbusiness.mileageplus.com a

;o1.email.smallbusiness.mileageplus.com.IN A

;; AUTHORITY SECTION:
smallbusiness.mileageplus.com. 600 INSOA 
vndcdf-fs-gma3-vip.ual.com. ualipconfig.united.com. 40 10800 3600 
2592000 600


Hopefully someone on here is from UA or knows how to get in touch with
someone there who could like into fixing that.

Thanks,

Stephen
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


--
The Delivery Experts

Laura Atkins
Word to the Wise
la...@wordtothewise.com

Email Delivery Blog: http://wordtothewise.com/blog







___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] United Airlines / mileageplus DNS/rDNS mismatch issue

[Laura Atkins via mailop]

That’s a Sendgrid IP, they likely told UA to put in a DNS record, but UA never 
did. ¯\_(ツ)_/¯ n

> On 9 May 2023, at 18:01, Stephen Frost via mailop  wrote:
> 
> Greetings,
> 
> I'm getting some inbound email attempts that I believe are legitimate
> from United Airlines that are being rejected due to:
> 
> May  9 12:55:38 tamriel postfix/smtpd[1221960]: warning: hostname 
> o1.email.smallbusiness.mileageplus.com does not resolve to address 
> 50.31.61.242
> 
> Tracking this back, near as I can tell, postfix is correct here in that
> 50.31.61.242 / 242.61.31.50.in-addr.arpa resolves to
> o1.email.smallbusiness.mileageplus.com but
> o1.email.smallbusiness.mileageplus.com doesn't seem to actually exist:
> 
> dig o1.email.smallbusiness.mileageplus.com a
> 
> ;o1.email.smallbusiness.mileageplus.com.  IN A
> 
> ;; AUTHORITY SECTION:
> smallbusiness.mileageplus.com. 600 IN SOA vndcdf-fs-gma3-vip.ual.com. 
> ualipconfig.united.com. 40 10800 3600 2592000 600
> 
> Hopefully someone on here is from UA or knows how to get in touch with
> someone there who could like into fixing that.
> 
> Thanks,
> 
> Stephen
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

-- 
The Delivery Experts

Laura Atkins
Word to the Wise
la...@wordtothewise.com 

Email Delivery Blog: http://wordtothewise.com/blog  






___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] United Airlines / mileageplus DNS/rDNS mismatch issue

[Stephen Frost via mailop]

Greetings,

I'm getting some inbound email attempts that I believe are legitimate
from United Airlines that are being rejected due to:

May  9 12:55:38 tamriel postfix/smtpd[1221960]: warning: hostname 
o1.email.smallbusiness.mileageplus.com does not resolve to address 50.31.61.242

Tracking this back, near as I can tell, postfix is correct here in that
50.31.61.242 / 242.61.31.50.in-addr.arpa resolves to
o1.email.smallbusiness.mileageplus.com but
o1.email.smallbusiness.mileageplus.com doesn't seem to actually exist:

dig o1.email.smallbusiness.mileageplus.com a

;o1.email.smallbusiness.mileageplus.com.IN A

;; AUTHORITY SECTION:
smallbusiness.mileageplus.com. 600 IN   SOA vndcdf-fs-gma3-vip.ual.com. 
ualipconfig.united.com. 40 10800 3600 2592000 600

Hopefully someone on here is from UA or knows how to get in touch with
someone there who could like into fixing that.

Thanks,

Stephen


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop