>>>>> "DMO" == Demi Marie Obenour <demioben...@gmail.com> writes:
DMO> On 11/11/21 10:28 AM, Bill Cole wrote: >> On 2021-11-11 at 06:06:45 UTC-0500 (Thu, 11 Nov 2021 12:06:45 +0100) Togan >> Muftuoglu <tog...@dinamizm.com> is rumored to have said: >> >>> Hi, >>> >>> How can I reject connections from generic Forward Confirmed Reverse DNS >>> (FCrDNS) like “123-45-67-8.your.isp.com”. >>> >>> >>> For the most cases spamhaus is able to block it but with the cloud >>> providers with FCrDNS as follows not all of them are not blocked. >>> >>> 123-45-67-89.ip.linodeusercontent.com >>> >>> ec2-12-34-56-789.us-west-2.compute.amazonaws.com >>> >>> >>> How can I reject these connections >> DMO> Do all of the major mail service providers have valid DMARC? If so, one DMO> approach would be to reject (or, more likely, quarantine) mail from such DMO> hosts *unless* DMARC matches. That would require an external tool, DMO> though. When there is dmarc = none it doesn't work, and I would rather stop the connection request at the very beginning, meaning if your rDNS is not who you are claiming to be then sorry.
