Do I really need an MX record? (for e-mail to work)
Mark Andrews
Mark_Andrews at isc.org
Fri Feb 10 00:15:50 UTC 2006
> In article <dsg1k4$15se$1 at sf1.isc.org>,
> administrator at spam.yellowhead.com (John Coutts) wrote:
>
> > In article <dsdfd8$137e$1 at sf1.isc.org>, csmith at dyndns.org says...
> > >
> > >Can you provide an example of a domain which blocks mail simply because
> > >the PTR record does not match the name of the mail server? (Setting one
> > >up yourself to provide as an example doesn't count) And how exactly do
> > >these domains determine the A record? Do they base this on name provided
> > >in the HELO command?
> > >--
> > >Christian Smith
> > >Dynamic Network Services, Inc.
> > >
> > *************** REPLY SEPARATER ****************
> > Yes here is a prime example, which was a fairly important piece of business
>
> > mail. In this case, the IP does have a reverse lookup, but the resulting na
> me
> > does not report the same "A" record. I have complained to POBox. but to no
> > avail. At first they denied that they check the "A" record against the
> > "PTR", but when I pressed them, they added the "or PTR and A records do not
>
> > match" to the message. Big deal!
> > -------------------------------------------------------------
> > X-Pobox-Antispam: require_ptr/ returned deny: 204.209.35.42 has no PTR
> > record, or PTR and A records do not match
> > X-Sift-Reason: require_ptr/ returned deny: 204.209.35.42 has no PTR record,
> > or PTR and A records do not match
> > X-Sift-From: xxxxxxxxxx at trekescapes.com
>
>
> This is a perfect example of broken reverse DNS
>
> % dig +noall +answer -x 204.209.35.42
> 42.35.209.204.in-addr.arpa. 0 IN PTR mail.rewired.net.
>
> % dig +noall +answer mail.rewired.net
> mail.rewired.net. 3513 IN A 216.234.167.142
>
>
> 216.234.167.142 != 204.209.35.42 so the verification of the reverse DNS
> for 204.209.35.42 fails.
>
>
> > --------------------------------------------------------------
> >
> > Here is another one which is an order confirmation from Toysrus. In this
> > case,
> > there is simply no PTR record. I have informed Toysrus of the problem, and
> > they
> > politely thanked me and said they would take care of it. Months later, IBM
> > (the
> > network operator) has still not corrected the problem.
> > --------------------------------------------------------------
> > X-Pobox-Antispam: require_ptr/ returned deny: 170.224.105.33 has no PTR
> > record, or PTR and A records do not match
> > X-Sift-Reason: require_ptr/ returned deny: 170.224.105.33 has no PTR record
> ,
> > or PTR and A records do not match
> > X-Sift-From: Shipments at toysrus.ca
> > --------------------------------------------------------------
>
> Yes, this IP address has no PTR record. mail servers which perform
> reverse DNS verification will reject mail being delivered from this IP
> address.
>
> These are perfectly reasonable things to reject receipt of mail for.
Actually it isn't. It has way too many false positives.
It really isn't a effective anti-spam measure. Most of
the owned boxes actually have PTR records which are valid.
It is also specifically disallowed for in the RFC's.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list