[ExchangeList] Re: IMF config

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 2 Jun 2006 09:03:19 -0700

http://www.msexchange.org
-------------------------------------------------------I once felt as you did, 
but the sad fact is that not everyone has the option of simply "switching 
ISPs". 
The other sad fact is; many large ISPs (read: Verizon) will fight to the death 
before acquiescing to this request.
The bigger sad fact is; many folks don't even know they should have PTR records.
The final sad fact is; RDNS on the Internet is abysmal.  Even the "big boys" 
don't play well here.

In short; depending on RDNS to validate anything is a waste of your time.

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx 
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Taylor, George
Sent: Friday, June 02, 2006 08:57
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config

http://www.msexchange.org
-------------------------------------------------------SPF record, ok, I'll 
give you that.  The SPF record is specifically designed to validate the source 
IP of an email sender, however, it wasn't proposed until like late 2004 and I 
don't even know if it's IETF standard yet....probably is by now.  But look at 
your statement that "their ISP doesn't provide such a simple service" regarding 
at PTR record which has been standard since BITnet. These rinky dink ISPs are 
more likely to adhere to a 20 year old standard than one only a couple years 
old.  Either your ISP provides the service your paying for or you find another 
one, either you pass a reverse DNS lookup or you don't send me email.

Trivia for the masses:  What did BITnet stand for?  And it's no fair googling 
it, pull from the grey matter.

George Taylor
Systems Programmer
Regional Health Inc.


-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Friday, June 02, 2006 9:39 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config

http://www.msexchange.org
-------------------------------------------------------Unfortunately,
that analogy is flawed.
RDNS isn't "validating the origin"; it's "validating the PTR records in the 
netblock owner's DNS server" and nothing else.  There are quite a few folks 
that can't get a valid PTR record built because their ISP doesn't provide such 
a simple service.
The closest thing to your analogy is an SPF TXT record.  This uses the DNS 
associated with the sending mail domain to determine the validity of the 
sending host.

Also keep in mind that unless you're the netblock owner (<giggle> as if any SBS 
deployment could be), you can build PTR records in your public DNS all day long 
and not affect remote PTR lookups in any way whatsoever.

The only functional way to work around this is via smarthost that actually does 
have a valid PTR record.

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Taylor, George
Sent: Friday, June 02, 2006 08:05
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config

Hmmm, should I dance around like a god?  or do they even dance?  :-)
 
I have to disagree with you John.  It is standard practice to require a valid 
RDNS lookup in order to except a piece of mail.  Basically all you are doing is 
verifying that the sender is in fact who they say they are, or should I say the 
server connecting to your server is who it is advertising itself as.  As you 
say, take a look at the real world:
 
A guy walks into your mailroom wearing a purple shirt with a unibomber emblem 
and says "Take this package, it's from UPS..."  What's your mail clerk going to 
say?  "I'll take it because I don't care who you are, I just take all packages 
addressed to me..."?  I hope not, that's how things get blown up, that's how 
your email system will get blown up with viruses, spam, threats, etc...  If you 
cannot verify the origin of a piece of mail and you except it anyways, you put 
yourself at risk, a conscience email administrator is not going to allow that.
 
 
Just my .02
 
George Taylor
Systems Programmer
Regional Health Inc.
 

________________________________

From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent: Thursday, June 01, 2006 5:07 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config



Andrew, please tell me you are not actually considering doing this.

 

Yes, the big want-to-be Internet God's such as America Off Line block/refuse on 
no PTR, but that is not practical in the real world as the rest of us know it. 
Besides, I think America Off Line is just trying to get on Dan Quails' good 
side, if he has one.

 

John T

eServices For You

 

"Seek, and ye shall find!"

 

-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
Sent: Thursday, June 01, 2006 4:05 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config

 

Is there anyway to get IMF to drop emails that fail reverse lookup?

 

Thanks

Andrew

 


All mail to and from this domain is GFI-scanned.

-------------------------------------------------------
List Archives: http://www.freelists.org/archives/exchangelist/
MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp
MSExchange Articles and Tutorials:
http://www.msexchange.org/articles_tutorials/
MSExchange Blogs: http://blogs.msexchange.org/
-------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
-------------------------------------------------------
To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp
Report abuse to listadmin@xxxxxxxxxxxxxx 

-------------------------------------------------------
List Archives: http://www.freelists.org/archives/exchangelist/
MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp
MSExchange Articles and Tutorials: http://www.msexchange.org/articles_tutorials/
MSExchange Blogs: http://blogs.msexchange.org/
-------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
-------------------------------------------------------
To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp
Report abuse to listadmin@xxxxxxxxxxxxxx 


All mail to and from this domain is GFI-scanned.

-------------------------------------------------------
List Archives: http://www.freelists.org/archives/exchangelist/
MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp
MSExchange Articles and Tutorials: http://www.msexchange.org/articles_tutorials/
MSExchange Blogs: http://blogs.msexchange.org/
-------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
-------------------------------------------------------
To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp
Report abuse to listadmin@xxxxxxxxxxxxxx

Other related posts: