On Fri, 16 Dec 2016 13:05:35 +0100 Vincent Lefevre <vinc...@vinc17.net> wrote:
> On 2016-12-15 10:41:58 +0100, Sven Hartge wrote: > > Next is a check if the sending IP resolves correctly and the > > hostname resolves back to this IP. > ^^^^^^^^^^^^^^^^^^^^^^^^ > I wonder whether this rule should really be used. A hostname may > resolve to multiple IP's, and for some reasons, the original IP may > not be in the list (e.g. if truncated). > It is therefore an important matter that the email admin ensures that the PTR record *always* resolves to a hostname which resolves back, which can if necessary be achieved by creating a fictitious A record for just this purpose. It is not necessary for this hostname to match either HELO or domain MX, though it's worth doing if that isn't difficult. This check used to be pretty much a guarantee of a business IP address, but unfortunately many home ISP accounts now have complementary A-PTR records, making spam detection much harder. But even today, this DNS check is my second most useful anti-spam measure, the first being to accept email only to named account holders. -- Joe
