I misread your email then, my bad.

As far as I understand it now, you are getting the hostname by reverse 
DNS lookup against the connecting SMTP peer (that is sending a mail).

Then you use that FQDN for a DNS A RR query. And you expect this IP address 
to match against the SMTP peer's IP. This is even worse than my 
initial understanding.

Why would you want a DNS A RR to match an IP that is often found as MX RR? Are 
you assuming A RR == MX RR? They won't match in many cases.

If you query for an MX DNS RR instead of A RR, it would be less stupid (but is 
still stupid). Paul Vixie's proposal was similar.

Final answer is your practical results. How many FP and TP are you getting? I 
would get crazy high FP in my case.


------Original Message------
From: dar...@chaosreigns.com
To: users@spamassassin.apache.org
Subject: Re: Full circle DNS test?
Sent: Oct 30, 2010 9:26 AM

I never said anything about the domain matching the MAIL FROM.  Or anything
else.  Just that the sending IP have a PTR record which matches an A record
which matches the sending IP.  Any domain.  And, of course, the test would
have false positives, as do most others.  

But as I said, I already block all email at my MTA that doesn't pass it.
Since January 2007, apparently.  So I think it's worth having a test for.

On 10/30, m...@khonji.org wrote:
> How do you expect this to handle cases when a single IP address (i.e. single 
> MTA) is responsible for sending emails for multiple domains? The domain name 
> match won't happen for all.
> 
> That's why we have SPF, SenderID (MS didn't want to feel left out), and DKIM 
> (RFC standard).
> 
> As far as reverse lookup goes, AOL requires MTAs to have a reverse PTR zone 
> in a form of FQDN, but doesn't mandate exact match of the domain found in 
> MAIL FROM in SMTP header. Which is less restricted than your suggestion.
> 
> BTW, back in dark ages, there were discussions in RFC mailing lists of 
> similar approaches like yours but got rejected. Paul Vixie had his own 
> suggestions too.

-- 
"There never has been an answer. There never will be an answer.
That's the answer." - Gertrude Stein
http://www.ChaosReigns.com



---
Mahmoud Khonji
