On Mon, Apr 01, 2002 at 12:09:47PM -0800, John W Baxter wrote:
| At 19:52 +0300 4/1/2002, Lauri Tischler wrote:
| >There was some discussion about that on another forum.
| >Any pros or cons ??
| >
| >Idea was that if sending server does not have valid MX record
| >it is so badly administered that it is propably sending spam
| >as well (and their users have lice and bad breath) :)
|
| MX records identify servers which are used to receive mail from the world.
| There is no obvious reasons why the same servers send the mail for the
| entity in question. And there are several reasons for the receiving and
| sending servers to be distinct groups.
Right, but the domain to check is the one given in the MAIL FROM:
command. If I tell you
MAIL FROM: <localpart@???>
RCPT TO: <insert-your-address-here>
You can't reply to that message (or deliver a bounce) because that
domain doesn't exist. Ok, so when delivering you try to fall back to
the A record, but there SHOULD be an MX. In all likelihood, properly
set up systems will have an MX. Reverse DNS is a different matter
(sorry, I don't have one; I can relay through a smart host, though).
| You will reject mail from some small entities whose mail you might not want
| to reject.
Possible. It's a tradeoff between how much spam you think you'll
reject and how much real mail you'll miss.
| At the moment I looked, the most recent mail received from Microsoft had
| come in from
| smtppassport5.microsoft.com (the EHLO and the IP address agreed on that).
The EHLO isn't the thing to check. The MAIL FROM: is. I bet that
message had "@microsoft.com" in the MAIL FROM:, thus it would be ok
according to this check.
-D
--
Python is executable pseudocode. Perl is executable line noise.
