Rich Kulawiec (rsk) writes:
I don't see a problem with not accepting mail from clueless ISPs or their customers. The requirement for rDNS has been around for decades. Anyone who's not aware of it has no business running a mail server.
Requirement? What requirement? There's no requirement for reverse DNS for email in any RFC. Not that RFCs are ideal references for mail operation in general. Rejecting on missing or incorrectly formatted HELO/EHLO is legitimate, as well as unknown sender or recipient domain, as these are within the control of the sender, or the sender's organisation. Reverse DNS is not. It's all subjective of course.
people to document the use of botnet PCs to send spam. And of course That's why this particular measure doesn't work for them, but other best practices do, e.g., rejecting mail from known-dynamic/generic IP space or known-dynamic/generic namespace unless it's your own customer or is being submitted with authentication non-port 25
"known-dynamic" is extremely up to debate. Frankly, blacklisting entire /16s because individual customer PCs have been hijacked is absurd, but I guess collateral damage is acceptable. Probably bounces will be the next thing to disappear.
Yes, some of these also impact non-spamming but broken mail servers, however, this is usually the only way to get the attention of their operators and persuade them to effect repairs.
You're kidding, right? They don't give a rat's ass.
Then they should not be troubled that their mail is being rejected.
The operators don't care. The customers do. The customers don't have a choice, often. So you're right, the operator is not troubled that their customer's mail is being rejected.
"Bomb the bridge, salt the earth" approach?
I'm not one of the people who thought .info was a good idea (what, domains in other TLDs don't provide "information"?) I'm not the one who decided to sell domains in that TLD to spammers by the tens of thousands, thus effectively devaluing it for everyone else.
Because .org and .com don't do that as well?
I suggest laying blame on the people who are responsible for the current state of affairs, not on the recipients of abuse.
I'm not laying blame here, just pointing out that rejecting mail from IP addresses for which no PTR delegation exists is unwarranted, but it's your system, so of course it's up to you. Don't go preaching it as a best practice, though.

Phil