On Thu, 2010-03-04 at 23:42 -0500, Tony Nelson wrote: > On 10-03-04 23:10:45, Tim wrote: > > On Thu, 2010-03-04 at 13:42 -0700, Craig White wrote: > > > At this stage, I simply will not accept mail from any smtp server > > > whose forward & reverse DNS don't match. So if you are sending me > > > e-mails from server mail.example.com you better have a reverse DNS > > > address that tells me that your ip address points to > > mail.example.com. > > > > That's a rather bad idea, and simply not workable for an *awful* lot > > of > > people. You *will* be rejecting legit mail with that methodology. > > > > Although many of us have our own domains, many of them will be hosted > > by > > a service which hosts hundreds or thousands of other sites using > > virtual > > named based hosting. We don't each get an IP, and it's completely > > impractical to expect that in an IPv4 world. The reverse IP will > > point > > to the host's domain name, not ours. > > > > You need to do *better* testing than simply forward and reverse > > checking > > of one domain name. > > Yes, Craig's method won't work with any form of virtual hosting or even > when the server runs more than one service, as only one of them can be > the > official name. Servers I run specify which host they are, e.g., my own > rapidxen.georgeanelson.com, which won't work with Craig's method. RFC > 1912 FCrDNS simply checks that one of the results of a reverselookup > maps > back to that IP.[1] > > [1] <http://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS> ---- no - actually it works quite fine - you just can't have a virtual host on a shared IP or if you are sharing an IP, then the server name simply must resolve forward and backward. There's nothing that says you can't send mail from server.example.com for any particular domain that isn't example.com at all and you can even use SPF and domainkeys for any domain to identify the specific server(s) permitted. I think you guys are confusing the point. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines