You are most correct, it is definitely a double edged sword. Let's say you try to reverse DNS on an address whose nameserver is down or otherwise unreachable, what then? Some admins I know deliberately do run reverse DNS as they view it as a system cracker tool, or they feel it is an unwarranted load, RFCs be damned. Is this admin decision the fault of the user?

You are not the first one to try this. I have tried this myself and a financial type didn't get an important email because of it. You know the rest of the story.

A better solution is to check the IP and see if it is an MX record for the domain the mail purports to be from.

Just my opinion, and I could be wrong.

-dan

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Patrick Muldoon
Sent: Thursday, February 28, 2002 1:15 PM
To: nanog@merit.edu
Subject: Reverse DNS and SMTP

We have recently implemented a policy on our mail servers of not accepting mail from hosts that do not correctly resolve via reverse DNS. While we on the technical side love the idea, there have been some questions from the business side of the house. If an ISP doesn't have reverse DNS set up correctly on their mail servers, we point them to the RFCs and generally offer to help them correct it. We have noticed that our spam has reduced drastically, and the complaints are few, but alas this is a double edged sword, where if you even block 1 legitimate e-mail out of the 100K+ that we receive daily, someone is going to complain.

Just curious if anybody here is doing the same and the response that they have had from doing so. Replies off list are fine and I will summarize if people are interested.

Thanks,
Patrick

--
Patrick Muldoon, Network/Software Engineer
INOC, LLC
doon@inoc.net

Press Ctrl-Alt-Del now for IQ test.
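
Added example, not part of either message above: a sketch of an SMTP accept/defer/reject decision that covers the two points raised in the thread, the reverse DNS check and the MX check, and treats an unreachable nameserver as a temporary failure instead of a rejection. The zone data, function names and reply texts are constructed for illustration, and combining both checks in one policy is an assumption of this sketch.

```python
# Constructed resolver data: documentation address ranges and example domains.
# No real DNS queries are made, so the example runs offline.
TEMPFAIL = object()  # stands for SERVFAIL or a timeout (nameserver unreachable)

PTR = {"192.0.2.10": ["mail.example.org"],
       "192.0.2.20": [],                      # no PTR record at all
       "192.0.2.30": TEMPFAIL,                # reverse zone's nameserver is down
       "192.0.2.40": ["relay.example.net"]}   # PTR exists but does not confirm
A = {"mail.example.org": ["192.0.2.10"],
     "mx1.example.com": ["192.0.2.20"],
     "relay.example.net": ["198.51.100.7"]}
MX = {"example.com": ["mx1.example.com"],
      "example.org": ["mail.example.org"]}


def lookup(table, key):
    """Return the record list for key; raise on a temporary DNS failure."""
    result = table.get(key, [])
    if result is TEMPFAIL:
        raise TimeoutError(key)
    return result


def fcrdns(ip):
    """Forward-confirmed reverse DNS: a PTR name must resolve back to ip."""
    return any(ip in lookup(A, name) for name in lookup(PTR, ip))


def is_mx_for(ip, domain):
    """The check suggested in the reply: is ip one of the domain's MX hosts?"""
    return any(ip in lookup(A, host) for host in lookup(MX, domain))


def smtp_decision(ip, mail_from_domain):
    """Map DNS results to an SMTP reply class (hypothetical reply texts)."""
    try:
        if fcrdns(ip):
            return "250 accept (reverse DNS confirmed)"
        if is_mx_for(ip, mail_from_domain):
            return "250 accept (client is an MX for sender domain)"
    except TimeoutError:
        # A 4xx reply makes the sending server queue and retry later,
        # so a DNS outage delays legitimate mail instead of bouncing it.
        return "451 defer (DNS temporarily unavailable)"
    return "550 reject (no confirmed reverse DNS, not an MX)"


if __name__ == "__main__":
    for ip, dom in [("192.0.2.10", "example.org"), ("192.0.2.20", "example.com"),
                    ("192.0.2.30", "example.com"), ("192.0.2.40", "example.com")]:
        print(ip, dom, "->", smtp_decision(ip, dom))
```
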