On Wed, 10 Feb 2021, Bob Proulx wrote:

Eugene Podshivalov wrote:
I've just received a spam email from a client that presented itself as
emx.mail.ru, but its IP 117.30.137.22 resolves to
22.137.30.117.broad.xm.fj.dynamic.163data.com.cn

Are the reverse client hostname and the EHLO one not supposed to match?

It's been an old traditional recommendation and best practice.

   https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS

RFC1912 dates from 1996.  Back then we could count the number of
systems on the Internet.  Possibly someone knew each of them
individually!  I'm not saying it wasn't possible then.  And requiring
reverse DNS to map was one way to avoid dynamically assigned
addressing often used by abusers.  But now there are so many systems
on the network and they change so fast that this is definitely not
possible now.

The more important question is how many services are running on a single host. It's not uncommon that a host has more than one purpose and thus also multiple domain names. With IPv4 this means DNS and reverse DNS cannot match, as you can always satisfy only one of the services (unless you have too many IPv4 addresses).

E.g. my mail server mail.stoecker.eu resolves correctly for the IPv6 address, but for v4 the name differs.

Ciao
--
https://www.dstoecker.eu/ (PGP key available)
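
The three checks discussed in this thread, as an added example that is not part of the original messages: forward-confirmed reverse DNS, EHLO name equal to the PTR name, and EHLO name resolving forward to the client address. The lookup tables are constructed sample data (only the 117.30.137.22 PTR name comes from the thread; the example.org hosts, the forward record for that PTR name and the address given for emx.mail.ru are placeholders), and `check_client` is a hypothetical helper.

```python
import ipaddress

# Constructed DNS data standing in for real lookups, so this runs offline.
PTR = {
    "117.30.137.22": ["22.137.30.117.broad.xm.fj.dynamic.163data.com.cn"],
    "192.0.2.25": ["web.example.org"],       # shared IPv4: PTR names the web service
    "2001:db8::25": ["mail.example.org"],    # dedicated IPv6: PTR names the mail service
}
FWD = {
    "22.137.30.117.broad.xm.fj.dynamic.163data.com.cn": ["117.30.137.22"],  # assumed
    "emx.mail.ru": ["198.51.100.10"],        # placeholder, not the real record
    "mail.example.org": ["192.0.2.25", "2001:db8::25"],
    "web.example.org": ["192.0.2.25"],
}

def _norm(name):
    """Compare host names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def _same_ip(a, b):
    """Compare addresses by value so differing IPv6 spellings still match."""
    return ipaddress.ip_address(a) == ipaddress.ip_address(b)

def check_client(ip, ehlo, ptr=PTR, fwd=FWD):
    """Return the three independent verdicts for one SMTP client."""
    ptr_names = [_norm(n) for n in ptr.get(ip, [])]
    # FCrDNS: some PTR name must resolve forward to the connecting address.
    confirmed = [n for n in ptr_names
                 if any(_same_ip(ip, a) for a in fwd.get(n, []))]
    ehlo_name = _norm(ehlo)
    return {
        "fcrdns": bool(confirmed),
        "ehlo_equals_ptr": ehlo_name in ptr_names,
        # Independent of the PTR name: does the EHLO name own this address?
        "ehlo_resolves_to_client": any(
            _same_ip(ip, a) for a in fwd.get(ehlo_name, [])),
    }

if __name__ == "__main__":
    for ip, ehlo in [("117.30.137.22", "emx.mail.ru"),
                     ("192.0.2.25", "mail.example.org"),
                     ("2001:db8::25", "mail.example.org")]:
        print(ip, ehlo, check_client(ip, ehlo))
```

With this data, the client from the thread and the multi-service IPv4 host both fail the EHLO-equals-PTR comparison, so that comparison alone cannot tell them apart; only the forward lookup of the EHLO name separates them.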
