Wouldn't SPF ( RFC 4408) tell people more about where the real mailservers are than some half-baked idea of trying to enforce what hostnames should look like? What's the word for 'mail server' in Lower Sorbian, and does your algorithm properly detect it in a hostname? See the problem here? On Wed, Dec 16, 2009 at 6:49 AM, Adam Armstrong <lists@memetic.org> wrote:
On 16/12/2009 06:12, James Hess wrote:
On Tue, Dec 15, 2009 at 11:30 PM, Adam Armstrong<lists@memetic.org> wrote:
personally, i'd recommend not being a dick and setting valid *meaningful* reverse dns for things relaying mail.
Many sites don't use names that will necessarily be meaningful to an outsider. Sometimes the non-meaningful name is the actual hostname and the _only_ name that machine is known by, even if the name appears "generic" or contains an IP. Host naming is a matter of local network policy, and the RFCs that pertain to hostnames specify syntax requirements only.
Some sites might want to avoid certain "meaningful" RDNS entries since spammers, hackers, and other abusive users that scan IP ranges can utilize the RDNS to facilitate their activities. All reverse DNS information is in the hands of the enemy.
For example, when spammers' IP scanning efforts find that an IP address reverses to "mail.example.com" the spammer will know to try @example.com e-mail addresses for their dictionary-based brute-force spamming.
On the other hand, if the MTA's IP reverses to something like a152.x.example.net.
As is common for many domains. Spammers coming in by scanning large ranges of IPs, have no pointer to report the mailserver they discovered is @example.com inbound (or outbound) mail.
The 1970s called and asked for its security policy back :(
I would have thought that asking for the MXes for example.com would have told them what the inbound mailserver is...
adam.