On 2021-07-05 10:06:24 -0400, Greg Wooledge wrote:
> On Mon, Jul 05, 2021 at 03:48:47PM +0200, Vincent Lefevre wrote:
> > On 2021-07-05 09:35:22 -0400, Greg Wooledge wrote:
> > [...]
> > > Your "reverse" (PTR record for 162.213.253.79) doesn't match. Which is
> > > to say, none of the "A" results from cyrania.com. match the original
> > > IP address of 162.213.253.79.
> > >
> > > Some SMTP receivers may care about that.
> > [...]
> >
> > Yes, the reason is that the owner of the IP address can technically
> > put anything for the reverse, in particular a domain he doesn't own.
> > Thus he can put a domain with a good reputation to send spam. That's
> > why antispam software should check that the reverse resolves back to
> > the IP address.
>
> It's a philosophical argument. The value stored in the "reverse" is
> only important if you think it's important. Antispam software may
> choose to consider it irrelevant, or somewhat important, or vitally
> important.

Perhaps I wasn't clear. I mean that antispam software that considers
the reverse in its rules *also* needs to check that the obtained
reverse resolves back to the IP address. It must not blindly trust
the reverse.

> If I'm sending email from 162.213.253.79 but I use b...@microsoft.com as
> my envelope sender address, does it *really* matter whether 162.213.253.79
> has a mismatched reverse lookup? It's more important to check whether
> microsoft.com considers 162.213.253.79 to be a valid sender. (And that
> uses SPF or other optional mail-specific information sources.)

This is a different thing, which breaks many mailing-lists. And it is
not reliable in practice (possibly except in scoring).

> Strict reverse-match checking really hurts people who send email
> from home computers, where controlling the reverse is not always easy.

Yes, this is a problem. However, I can notice on my server that almost
all mail with no reverse (or an invalid one) is spam. So I can
understand people who reject such mail.

> Any impact on commercial spammers is negligible, unless the real goal is
> to block bot nets by assuming that anyone with a mismatched reverse is a
> home computer user and is therefore a compromised spam bot, because how
> could anyone on a home computer network ever be a legitimate email sender?

Nowadays, users who do not have the possibility (or do not want) to
control the reverse on their home computer network use a submission
server (their ISP's, a dedicated VM, services like gmail, etc.).

> A more sensible antispam filter might consider a mismatched reverse to
> be one potential factor in deciding whether a given message is "spam".
> In the absence of any other factors, it shouldn't be enough to reject
> a message. But if the same message has other risk factors, then together
> they might be enough to justify that judgment.

Unfortunately postfix cannot do that (it just has
reject_unknown_client_hostname, but otherwise doesn't allow the user
to control how the information is obtained and used).

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
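
The check discussed in this message (a name returned by the reverse lookup counts only if it resolves back to the connecting IP address), as an added Python example that is not part of the original message. The resolver functions are injectable and the zone data is constructed: only the 162.213.253.79 / cyrania.com mismatch comes from the thread, every other name and address is a placeholder.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_addrs(name):
    """A/AAAA addresses for name from the system resolver ([] if none)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(ip, ptr=system_ptr, addrs=system_addrs):
    """Return (verdict, confirmed_names); verdict is no_ptr, mismatch or confirmed."""
    client = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return "no_ptr", []
    confirmed = []
    for name in names:
        for addr in addrs(name):
            try:
                if ipaddress.ip_address(addr) == client:
                    confirmed.append(name)   # this PTR name is backed by a forward record
                    break
            except ValueError:
                continue                     # ignore unparsable resolver output
    return ("confirmed" if confirmed else "mismatch"), confirmed

# Constructed zone data: only the 162.213.253.79 / cyrania.com mismatch is from
# the thread; all other names and addresses are placeholders.
PTR = {"162.213.253.79": ["cyrania.com."],
       "198.51.100.7": ["mail.reputable.example."],  # IP owner names a domain it does not control
       "203.0.113.25": ["mx.sender.example."]}
A = {"cyrania.com": ["192.0.2.10", "192.0.2.11"],
     "mail.reputable.example": ["192.0.2.50"],
     "mx.sender.example": ["203.0.113.25"]}

def check(ip):
    """Run fcrdns() against the constructed zone data above."""
    return fcrdns(ip, ptr=lambda i: PTR.get(i, []), addrs=lambda n: A.get(n, []))
```

Calling `fcrdns(ip)` without the injected functions uses the system resolver; the three verdicts can then be rejected on or weighted as one factor, the two policies argued over in the thread.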