the package in question (and maybe others do as well) has the option to perform the reverse you describe. we tried the milder version first which only verifies the ip sending the packets has a ptr - no domain xref. our upstream provider is our alternate mx (with a higher pref, of course). any mail they accept and forward to us would fail under the more restrictive version of reverse (for example, say we were down for maint.). at least that is my understanding after speaking with the software vendor's development team.

thanks.

----- Original Message -----
From: "Andrew - Supernews" <andrew@supernews.net>
To: <nanog@merit.edu>
Sent: Sunday, February 08, 2004 4:01 PM
Subject: Re: question on ptr rr

"Paul" == Paul Vixie <vixie@vix.com> writes:
Paul> that's one check of many. the PTR has to match the HELO, which
Paul> means all of the worms and spammers who forge @yahoo.com
Paul> addresses and use YAHOO.COM as their HELO will continue to get
Paul> hammered.

If you're going to get picky about HELO names, then it's better to require that the HELO has an A record pointing to the connecting IP, rather than look at PTR.
-- Andrew, Supernews http://www.supernews.com
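
The three sender checks mentioned in this thread (the IP has a PTR; the PTR matches the HELO; the HELO has an A record pointing to the connecting IP), compared side by side. This is an added example, not code from any poster or from the mail package being discussed; the DNS tables, host names and addresses are constructed so it runs offline, and the function names are hypothetical.

```python
# Added example: sender checks from the thread, evaluated against a
# constructed in-memory DNS table (no network access needed).
# All names and addresses are made up (reserved example ranges).

PTR = {  # reverse data: connecting IP -> PTR names (constructed)
    "192.0.2.10": ["mail.example.org"],
    "192.0.2.20": ["dsl-20.pool.example.net"],
}
A = {  # forward data: name -> A record addresses (constructed)
    "mail.example.org": ["192.0.2.10"],
    "dsl-20.pool.example.net": ["192.0.2.20"],
    "smtp.example.com": ["198.51.100.30"],
    "yahoo.example": ["203.0.113.5"],
}

def norm(name):
    """DNS names compare case-insensitively; ignore a trailing dot."""
    return name.rstrip(".").lower()

def has_ptr(ip):
    """Mild check: the connecting IP has any PTR record at all."""
    return bool(PTR.get(ip))

def ptr_matches_helo(ip, helo):
    """Stricter check: one of the IP's PTR names equals the HELO name."""
    return norm(helo) in {norm(n) for n in PTR.get(ip, [])}

def helo_resolves_to_ip(ip, helo):
    """Alternative check: the HELO name has an A record for the connecting IP."""
    return ip in A.get(norm(helo), [])

def evaluate(ip, helo):
    """Return the outcome of all three checks for one SMTP session."""
    return {
        "has_ptr": has_ptr(ip),
        "ptr_matches_helo": ptr_matches_helo(ip, helo),
        "helo_a_matches_ip": helo_resolves_to_ip(ip, helo),
    }

if __name__ == "__main__":
    sessions = [  # (connecting IP, HELO argument), constructed
        ("192.0.2.10", "MAIL.example.org."),    # forward and reverse agree
        ("192.0.2.20", "yahoo.example"),        # HELO names someone else's host
        ("198.51.100.30", "smtp.example.com"),  # valid A record, no PTR
    ]
    for ip, helo in sessions:
        print(ip, helo, evaluate(ip, helo))
```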