How do you expect this to handle cases when a single IP address (i.e. a single 
MTA) is responsible for sending emails for multiple domains? The domain name 
match won't happen for all.

That's why we have SPF, SenderID (MS didn't want to feel left out), and DKIM 
(RFC standard).

As far as reverse lookup goes, AOL requires MTAs to have a reverse PTR zone in 
a form of FQDN, but doesn't mandate exact match of the domain found in MAIL 
FROM in SMTP header. Which is less restricted than your suggestion.

BTW, back in dark ages, there were discussions in RFC mailing lists of similar 
approaches like yours but got rejected. Paul Vixie had his own suggestions too.


------Original Message------
From: dar...@chaosreigns.com
To: users@spamassassin.apache.org
Subject: Full circle DNS test?
Sent: Oct 30, 2010 6:02 AM

I see there's a RDNS_NONE rule for when the sending IP address has no DNS
PTR (reverse DNS) record.  But no rule for when that PTR record doesn't
have a matching A (forward DNS) record that matches the sending IP?

For example, if you get an email from me, and look up the IP:

  64.71.152.40 -> chaosreigns.com

Then you can look up that host name and get:

  chaosreigns.com -> 64.71.152.40

And if that IP didn't match the sending IP, it would fail this test.

Is this something that would be accepted into spamassassin if I created a
module?  Or a feature that would be added if I didn't do it?

I block all email that doesn't pass this test at my MTA (postfix
reject_unknown_client_hostname), but I understand some people don't.

-- 
"It's a dangerous business, Frodo, going out your front door. You step
into the Road, and if you don't keep your feet, there is no knowing
where you might be swept off to." - Bilbo Baggins
http://www.ChaosReigns.com



---
Mahmoud Khonji
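
The full-circle test described in the original message (PTR lookup on the connecting IP, then a forward lookup on each returned name), as an added example that is not part of the thread or of SpamAssassin. The verdict strings, function names and the 192.0.2.x / example.net sample data are assumptions constructed for illustration; only the 64.71.152.40 / chaosreigns.com pair comes from the message.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver; [] when there is none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def system_addrs(name):
    """A/AAAA addresses for name from the system resolver; [] on failure."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def full_circle(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (verdict, confirmed_names) for a connecting client IP.

    'none'     - no PTR record at all (what RDNS_NONE covers)
    'mismatch' - PTR exists, but no PTR name resolves back to the IP
    'pass'     - at least one PTR name resolves back to the IP
    """
    client = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "none", []
    confirmed = []
    for name in names:
        for addr in addr_lookup(name):
            try:
                parsed = ipaddress.ip_address(addr)
            except ValueError:
                continue  # skip anything that is not a plain IP literal
            if parsed == client:
                confirmed.append(name.rstrip(".").lower())
                break
    return ("pass" if confirmed else "mismatch"), confirmed

# Constructed sample zone data (only the first pair appears in the message).
SAMPLE_PTR = {"64.71.152.40": ["chaosreigns.com"],
              "192.0.2.10": ["mail.example.net"]}
SAMPLE_A = {"chaosreigns.com": ["64.71.152.40"],
            "mail.example.net": ["192.0.2.99"]}

def check_sample(ip):
    """Run the test against the constructed tables instead of live DNS."""
    return full_circle(ip, lambda i: SAMPLE_PTR.get(i, []),
                       lambda n: SAMPLE_A.get(n, []))
```

Calling `full_circle(ip)` with no lookup arguments uses the system resolver; the input is only the client IP, so the result does not depend on the envelope sender domain.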
