Do I really need an MX record? (for e-mail to work)

Mark Andrews Mark_Andrews at isc.org
Fri Feb 10 00:15:50 UTC 2006 

> In article <dsg1k4$15se$1 at sf1.isc.org>,
>  administrator at spam.yellowhead.com (John Coutts) wrote:
> 
> > In article <dsdfd8$137e$1 at sf1.isc.org>, csmith at dyndns.org says...
> > >
> > >Can you provide an example of a domain which blocks mail simply because 
> > >the PTR record does not match the name of the mail server? (Setting one 
> > >up yourself to provide as an example doesn't count) And how exactly do 
> > >these domains determine the A record? Do they base this on name provided 
> > >in the HELO command?
> > >-- 
> > >Christian Smith
> > >Dynamic Network Services, Inc.
> > >
> > *************** REPLY SEPARATER ****************
> > Yes here is a prime example, which was a fairly important piece of business
>  
> > mail. In this case, the IP does have a reverse lookup, but the resulting na
> me 
> > does not report the same "A" record. I have complained to POBox. but to no 
> > avail. At first they denied that they check the "A" record against the 
> > "PTR", but when I pressed them, they added the "or PTR and A records do not
>  
> > match" to the message. Big deal!
> > -------------------------------------------------------------
> > X-Pobox-Antispam: require_ptr/ returned deny: 204.209.35.42 has no PTR
> >  record, or PTR and A records do not match
> > X-Sift-Reason: require_ptr/ returned deny: 204.209.35.42 has no PTR record,
> >  or PTR and A records do not match
> > X-Sift-From: xxxxxxxxxx at trekescapes.com
> 
> 
> This is a perfect example of broken reverse DNS
> 
> % dig +noall +answer -x 204.209.35.42
> 42.35.209.204.in-addr.arpa. 0   IN      PTR     mail.rewired.net.
> 
> % dig +noall +answer mail.rewired.net
> mail.rewired.net.       3513    IN      A       216.234.167.142
> 
> 
> 216.234.167.142 != 204.209.35.42 so the verification of the reverse DNS 
> for 204.209.35.42 fails. 
> 
> 
> > --------------------------------------------------------------
> > 
> > Here is another one which is an order confirmation from Toysrus. In this 
> > case, 
> > there is simply no PTR record. I have informed Toysrus of the problem, and 
> > they 
> > politely thanked me and said they would take care of it. Months later, IBM 
> > (the 
> > network operator) has still not corrected the problem.
> > --------------------------------------------------------------
> > X-Pobox-Antispam: require_ptr/ returned deny: 170.224.105.33 has no PTR
> >  record, or PTR and A records do not match
> > X-Sift-Reason: require_ptr/ returned deny: 170.224.105.33 has no PTR record
> ,
> >  or PTR and A records do not match
> > X-Sift-From: Shipments at toysrus.ca
> > --------------------------------------------------------------
> 
> Yes, this IP address has no PTR record. mail servers which perform 
> reverse DNS verification will reject mail being delivered from this IP 
> address.
> 
> These are perfectly reasonable things to reject receipt of mail for.

	Actually it isn't.  It has way too many false positives.
	It really isn't a effective anti-spam measure.  Most of
	the owned boxes actually have PTR records which are valid.

	It is also specifically disallowed for in the RFC's.

	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list