Mikael Bak wrote, at 08/03/2009 10:38 AM:

> I'm currently blocking all attempts to connect from hosts not having a
> valid reverse DNS name with "reject_unknown_reverse_client_hostname".
>
> This is very effective for dealing with spam. This is not our only
> protection though :-)
>
> Although from time to time we get feedback from users about lost email.
> When checking our logs it turns out that most of the time the email is
> lost because the sending part fails the reverse DNS lookup.
>
> So now I'm a bit puzzled. Are we being too restrictive? Do you guys find
> it OK to reject hosts that fail reverse DNS checks? Do you guys find it
> common that legit mail servers do not have a reverse DNS name? What do
> you tell your users?

Although both reject_unknown_client_hostname and the more permissive reject_unknown_reverse_client_hostname are currently very effective at blocking spam, there are too many misconfigured mail servers out there for us to use either for outright blocking. Such tests are still very useful in a scoring system.

> I occasionally try to send an email to the mail administrator of such a
> sending server. Once they replied and they accepted my complaints and
> fixed the problem, and they were happy I told them about it. But this
> was the only time anyone ever answered such a request from me, so
> perhaps it's not worth the effort.

I've discovered the same.

> Never mind. To make it short: Is it ok to reject such sending servers or
> not? :-)

I don't, because it would block important messages. You'd be surprised at how many emergency alert systems fail this test, let alone banks, schools, governments and other key institutions.
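
One way to measure how much legitimate mail either check would cost before rejecting on it, as an added example that is not part of the original thread: it assumes the restriction is prefixed with Postfix's `warn_if_reject`, so that would-be rejections are logged as `reject_warning` instead of being enforced. The log lines, addresses and the `tally` helper are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix smtpd log format (documentation-range IPs).
SAMPLE_LOG = """\
Aug  3 10:01:12 mx postfix/smtpd[2211]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [192.0.2.10]; from=<alerts@city.example> to=<bob@example.com> proto=ESMTP helo=<mail.city.example>
Aug  3 10:04:40 mx postfix/smtpd[2215]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [192.0.2.10]; from=<alerts@city.example> to=<amy@example.com> proto=ESMTP helo=<mail.city.example>
Aug  3 10:09:03 mx postfix/smtpd[2230]: NOQUEUE: reject_warning: RCPT from unknown[198.51.100.7]: 450 4.7.1 Client host rejected: cannot find your hostname, [198.51.100.7]; from=<news@bank.example> to=<bob@example.com> proto=ESMTP helo=<smtp.bank.example>
Aug  3 10:09:05 mx postfix/smtpd[2230]: disconnect from unknown[198.51.100.7]
Aug  3 10:15:51 mx postfix/smtpd[2241]: NOQUEUE: reject_warning: RCPT from unknown[203.0.113.5]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [203.0.113.5]; from=<> to=<amy@example.com> proto=ESMTP helo=<localhost>
"""

# Maps the logged reason text to the restriction that produces it.
CHECKS = {
    "reverse hostname": "reject_unknown_reverse_client_hostname",
    "hostname": "reject_unknown_client_hostname",
}

# Matches enforced rejections and warn_if_reject warnings alike.
LINE_RE = re.compile(
    r"NOQUEUE: (?:reject_warning|reject): RCPT from \S+\[(?P<ip>[^\]]+)\]: "
    r"\d{3}(?: [\d.]+)? Client host rejected: cannot find your "
    r"(?P<kind>reverse hostname|hostname), \[[^\]]+\]; from=<(?P<sender>[^>]*)>"
)

def tally(log_text):
    """Return (counts, clients) keyed by (restriction, sender domain)."""
    counts, clients = Counter(), {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # not a client-hostname rejection
        # The null sender (bounces) has no domain; report it as "<>".
        domain = m["sender"].rpartition("@")[2].lower() or "<>"
        key = (CHECKS[m["kind"]], domain)
        counts[key] += 1
        clients.setdefault(key, set()).add(m["ip"])
    return counts, clients

if __name__ == "__main__":
    counts, clients = tally(SAMPLE_LOG)
    for key, n in counts.most_common():
        print(f"{n:3d}  {key[1]:15s} {key[0]}  {sorted(clients[key])}")
```

Sender domains that users recognise in this tally are the ones that would have been lost under outright rejection.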