Jesse Stroik wrote:
There are plenty of places still using mail gateways where the mail server used for sending is still on an internal network, for a variety of legitimate reasons, and those mail servers may resolve to a private address. If you discard all mail with no appropriate reverse DNS, you'll be discarding a lot of legitimate mail too from a lot of legitimate mail configurations.

Um, no; the argument is for rejecting mail with **NO** rDNS at all. Malformed or mismatched rDNS is still a nasty misconfiguration for a number of reasons.

I can't think of ANY reasons (beyond sysadmin and/or ISP incompetence) that a public IP originating legitimate SMTP traffic should not have a reverse DNS entry. (Never mind a properly-formed one, a whole other argument on its own.)

Unfortunately, as Justin Mason pointed out, there are a fair number of systems out there that *don't* have any rDNS on their outbound SMTP server IP(s). :( This makes it hard for anyone (particularly ISPs!) bigger than a private server owner and smaller than AOL to really try to "enforce" this without seriously impacting legitimate traffic.

-kgd
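
The cases this exchange separates (private source address, no rDNS at all, rDNS that does not match, and forward-confirmed rDNS), as an added example that is not code from either poster. The function names, the set of networks treated as "private", and the sample DNS data are assumptions made for illustration.

```python
import ipaddress
import socket

# "Private" here means RFC 1918, loopback and IPv6 ULA space (assumption of this example).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128", "fc00::/7")]

def system_ptr(ip):
    """PTR names from the system resolver; empty list when the lookup fails."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except (socket.herror, socket.gaierror):
        return []

def system_forward(name):
    """A/AAAA addresses for a name; empty set when the lookup fails."""
    try:
        return {info[4][0].split("%")[0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def classify_rdns(ip, ptr_lookup=system_ptr, fwd_lookup=system_forward):
    """Return 'private', 'no_rdns', 'mismatched' or 'confirmed' for a client IP."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in PRIVATE_NETS):
        return "private"        # internal relay behind a gateway: no public PTR expected
    names = ptr_lookup(ip)
    if not names:
        return "no_rdns"        # no PTR at all: the only case the reply argues for rejecting
    for name in names:
        if any(ipaddress.ip_address(a) == addr for a in fwd_lookup(name)):
            return "confirmed"  # a PTR name resolves back to the connecting IP
    return "mismatched"         # PTR exists but is not forward-confirmed

def reject_on_missing_rdns(ip, **lookups):
    """Policy from the reply: reject only when there is no rDNS at all."""
    return classify_rdns(ip, **lookups) == "no_rdns"

# Constructed sample DNS data (documentation address space), so the example runs offline.
SAMPLE_PTR = {"203.0.113.10": ["mail.example.org"], "203.0.113.20": ["host.example.net"]}
SAMPLE_FWD = {"mail.example.org": {"203.0.113.10"}, "host.example.net": {"203.0.113.99"}}
SAMPLE = dict(ptr_lookup=lambda ip: SAMPLE_PTR.get(ip, []),
              fwd_lookup=lambda name: SAMPLE_FWD.get(name, set()))

if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.20", "203.0.113.30", "10.1.2.3"):
        print(ip, classify_rdns(ip, **SAMPLE), reject_on_missing_rdns(ip, **SAMPLE))
```

The system-resolver helpers map every lookup error to "no record", so a resolver timeout is indistinguishable from a missing PTR here; a filter that rejects on `no_rdns` would need to treat temporary DNS failures separately.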
