Eli wrote: >> Maybe I'm missing something. Can I take one of my IP addresses and make
>> the RDNS appear to be from xxx.amd.com and make a lookup on xxx.amd.com
>> agree?
>
> Yes you can. That's why reverse DNS information is pretty much completely
> useless when doing any type of tracing. I suggest you read up on DNS
> servers and how zonefiles work et al before going too far on speculations
> regarding DNS, especially if you're using the results to filter stuff (email
> in this case).
>
I think that if an host HELOes mail.domain.tld, rDNS is mail.domain.tld
and A record for mail.domain.tld gives the good IP and rDNS is not a
generic one, then you can probably trust the DNS info. But that still
does not mean that the host only sends ham.