spamassassin-users October 2010 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Re: Full circle DNS test?

Re: Full circle DNS test?

From: <Darxus_at_nospam>
Date: Sat Oct 30 2010 - 05:26:35 GMT
To: users@spamassassin.apache.org

I never said anything about the domain matching the MAIL FROM. Or anything
else. Just that the sending IP have a PTR record which matches an A record
which matches the sending IP. Any domain. And, of course, the test would
have false positives, as do most others.

But as I said, I already block all email at my MTA that doesn't pass it.
Since January 2007, apparently. So I think it's worth having a test for.

On 10/30, m@khonji.org wrote:
> How do you expect this to handle cases when a single IP address (i.e single MTA) is responsible for sending emails for multiple domains. The domain name match won't happen for all.
>
> That's why we have SPF, SenderID (MS didn't want to feel left out, and DKIM (RFC standard).
>
> As far as reverse lookup goes, AOL requires MTAs to have a reverse PTR zone in a form of FQDN, but doesn't mandate exact match of the domain found in MAIL FROM in SMTP header. Which is less restricted than your sugge stion.
>
> BTW, back in dark ages, there were discussions in RFC mailing lists of similar approaches like yours but got rejected. Paul Vixie had his own suggestions too.

-- "There never has been an answer. There never will be an answer. That's the answer." - Gertrude Stein http://www.ChaosReigns.com