Brad Knowles <brad.knowles@skynet.be> writes: [...]
Moreover, even if all servers on the Internet were secured in this manner and there were no open relays, it would also require perfect reverse DNS because the MXes are listed by name and not IP address -- that's assuming you do a reverse lookup on the IP address and require that the returned name is on the list.
The proposal suggests that you get all of the A records for all of the accepted names, then make sure that one of the A records matches the address that the connection came from. See sec. 2.3. Even if it did require good reverse DNS, that would only be needed for domains that chose to implement this, and only for addresses that are allowed to send mail from that domain. ----ScottG.