All of the DNSBLs I know are about outbound mail hosts, not inbound ones. What are your sending hosts called?
Outbound goes through the same 4 boxes. We used to split it up (2 at MX10, 2 at MX20 .. reversed for outbound) but for capital (licensing/hardware) reasons we decided to do in/out through the same system. This is just "first touch" on the way in and "last touch" on the way out.

We also have spfv1 records defined (albeit a rather permissive "ptr ~all") .. but as I mentioned, the firewall disallows smtp to anywhere but appropriate hosts. We do still allow smtps and submission to accommodate folks that travel, as we haven't (yet) had a problem with bots using either of those services.

My beef with Trend was that they were in essence telling us to re-do DNS on our /16 because they didn't like the way we did it .. despite the mail part (the one that matters) being technically correct by most everyone else's standards. Personally, I think this is just so they can have a "big list" when they sell it (.. our DNSBL has $x million more entries than $competitor..).

Cheers,

Michael Holstein
Cleveland State University