mail filtering based on reverse DNS
Doug Barton
dougb at dougbarton.us
Thu Aug 11 03:59:11 CEST 2011
On 08/10/2011 04:19, Bjørn Mork wrote:
> "Bjoern A. Zeeb" <bzeeb-lists at lists.zabbadoz.net> writes:
>> On Aug 9, 2011, at 4:17 PM, Bjørn Mork wrote:
>>
>>> Anyway, if you reject mail from IPv6 addresses without reverse DNS
>>> today, then you are guaranteed to reject legitimate mail. One might
>>> even question the usefulness of reverse IPv6 DNS as a low score spam
>>> rule. There are just too many matching legitimate sources.
>>
>> If one operates a legitimate mail server and is unable to provide any reverse
>> mapping for the v6 address I seriously do not care to not accept his email as
>> it's clearly not operated in a professional manner.
>
> OK.
>
> Sorry for those offended by the real example, but this is one of the
> addresses I found in my mail log:
>
> 2001:1890:1112:1::1e
>
> It does have a reverse pointer, so it's half-way there:
>
> bjorn at canardo:~$ dig +short -x 2001:1890:1112:1::1e
> mail.ietf.org.
>
> but the forward entry does not list that address, so my mail server
> ignores the reverse pointer:
>
> bjorn at canardo:~$ dig +short aaaa mail.ietf.org
> 2001:1890:123a::1:1e
>
>
> So, should I reject mail from 2001:1890:1112:1::1e? Are all those
> sending mail from the IETF necessarily unprofessional?
Naturally you've reported this to postmaster at ietf.org, right? The
reverses for A and AAAA addresses for mail.ietf.org match, so that
address looks like an anomaly that should be dealt with.
Doug
--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
More information about the ipv6-ops
mailing list