On Mon, 8 Feb 2010 22:08:10 -0500
dar...@chaosreigns.com wrote:

> You get an email delivered from 64.71.152.40 (last untrusted
> relay).  You look up the DNS A record for that IP, and get
> mail.chaosreigns.com.  Then you look up the DNS PTR record of
> 40.152.71.64.designatedsender.mail.chaosreigns.com, and if it's
> 127.0.0.1, it's a legit email sender and gets some negative SA score.
> Otherwise it's not, and gets some positive SA score (low at first
> until adoption spreads).

You've mixed up A record and PTR record.

Checking for full-circle DNS already does most of this. What your
scheme would do is check for otherwise legitimate servers that have
been compromised and are delivering direct-to-mx. 

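An added example, not part of either message: it separates the full-circle DNS check from the proposed `designatedsender` lookup, so the case the reply singles out (a server with valid full-circle DNS that is not a designated sender) gets its own result. The zone is a constructed in-memory table rather than live DNS, record types follow the correction in the reply (PTR for IP to name, A for the `designatedsender` name), and the function names and the `192.0.2.7` / `198.51.100.9` entries are hypothetical.

```python
import ipaddress

# Constructed zone data standing in for real DNS answers.
# The first three records use the IP and names quoted in the thread.
ZONE = {
    ("PTR", "40.152.71.64.in-addr.arpa"): ["mail.chaosreigns.com"],
    ("A", "mail.chaosreigns.com"): ["64.71.152.40"],
    ("A", "40.152.71.64.designatedsender.mail.chaosreigns.com"): ["127.0.0.1"],
    # Hypothetical host: valid full-circle DNS, but no designatedsender record.
    ("PTR", "7.2.0.192.in-addr.arpa"): ["web.example.net"],
    ("A", "web.example.net"): ["192.0.2.7"],
    # Hypothetical host: PTR names a host whose A record does not point back.
    ("PTR", "9.100.51.198.in-addr.arpa"): ["mail.chaosreigns.com"],
}

def lookup(rtype, name, zone=ZONE):
    """Return the answers for (rtype, name); an empty list models NXDOMAIN."""
    return zone.get((rtype, name.rstrip(".").lower()), [])

def reversed_octets(ip):
    """'64.71.152.40' -> '40.152.71.64' (raises ValueError on a bad IPv4)."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))

def fcrdns_names(ip, zone=ZONE):
    """Full-circle DNS: PTR names for ip whose A record resolves back to ip."""
    ptr_names = lookup("PTR", reversed_octets(ip) + ".in-addr.arpa", zone)
    return [name for name in ptr_names if ip in lookup("A", name, zone)]

def classify(ip, zone=ZONE):
    """Classify the last untrusted relay's IP for scoring purposes."""
    names = fcrdns_names(ip, zone)
    if not names:
        return "no-fcrdns"            # reverse and forward DNS disagree
    for name in names:
        query = f"{reversed_octets(ip)}.designatedsender.{name}"
        if "127.0.0.1" in lookup("A", query, zone):
            return "designated-sender"  # domain owner lists this IP as a sender
    return "fcrdns-only"              # legitimate host, not a listed sender

if __name__ == "__main__":
    for relay in ("64.71.152.40", "192.0.2.7", "198.51.100.9"):
        print(relay, classify(relay))
```
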