mail filtering based on reverse DNS

[Mike Jones]

On 11 August 2011 10:15, Erik Kline <ek at google.com> wrote:
> Certainly I and others have thought of writing our own auto-PTR
> response generator for delegated reverse zones.  I see now that the
> success of a PTR-verification scheme depends on ISPs *not* doing this
> for every J. Random Customer.
>

I personally feel that the era of "all hosts should have meaningless
reverse DNS" should be left as a historical IPv4 practice and not
brought forward to IPv6 as the only real benefit such automatic
records serve is saving you spending 5 seconds doing a whois lookup
for find a users ISP, but if you have a reason to look up an IP
address then you'll do a whois lookup anyway even after looking at the
hostname. Unfortunately it only takes a few ISPs doing this for other
people to be forced to accept it. Of course routers (looking at your
employer here!) and servers should still be set up with proper entries
as they serve useful diagnostic purposes.

Perhaps this needs a multi-stage system, reject mail from hosts with
no reverse DNS then test for the presence of "mail" or "smtp" etc in
the hostname and factor this in to spam filters, so
"185479346345.customer542345.example.net" starts off with a higher
spam rating than "mail.example.net"?

I am not keen on a requirement that mail servers should be given a
specific mail-related hostname, however it is a possible solution to
consider with IPv6 where it is a lot easier to add additional
service-specific addresses to a box (assuming the MTA has an option to
bind to a specific address for outbound connections, i've not checked
if common ones do).

- Mike