
Re: MTA



On 2021-07-05 10:06:24 -0400, Greg Wooledge wrote:
> On Mon, Jul 05, 2021 at 03:48:47PM +0200, Vincent Lefevre wrote:
> > On 2021-07-05 09:35:22 -0400, Greg Wooledge wrote:
> > [...]
> > > Your "reverse" (PTR record for 162.213.253.79) doesn't match.  Which is
> > > to say, none of the "A" results from cyrania.com. match the original
> > > IP address of 162.213.253.79.
> > > 
> > > Some SMTP receivers may care about that.
> > [...]
> > 
> > Yes, the reason is that the owner of the IP address can technically
> > put anything for the reverse, in particular a domain he doesn't own.
> > Thus he can put a domain with a good reputation to send spam. That's
> > why antispam software should check that the reverse resolves back to
> > the IP address.
> 
> It's a philosophical argument.  The value stored in the "reverse" is
> only important if you think it's important.  Antispam software may
> choose to consider it irrelevant, or somewhat important, or vitally
> important.

Perhaps I wasn't clear. I mean that antispam software that considers
the reverse in its rules *also* needs to check that the obtained
reverse resolves back to the IP address. It must not blindly trust
the reverse.

> If I'm sending email from 162.213.253.79 but I use bill@microsoft.com as
> my envelope sender address, does it *really* matter whether 162.213.253.79
> has a mismatched reverse lookup?  It's more important to check whether
> microsoft.com considers 162.213.253.79 to be a valid sender.  (And that
> uses SPF or other optional mail-specific information sources.)

This is a different thing, which breaks many mailing-lists.
And it is not reliable in practice (possibly except in scoring).

> Strict reverse-match checking really hurts people who send email
> from home computers, where controlling the reverse is not always easy.

Yes, this is a problem. However, I can notice on my server that
almost all mail with no reverse (or an invalid one) is spam. So
I can understand people who reject such mail.

> Any impact on commercial spammers is negligible, unless the real goal is
> to block bot nets by assuming that anyone with a mismatched reverse is a
> home computer user and is therefore a compromised spam bot, because how
> could anyone on a home computer network ever be a legitimate email sender?

Nowadays, users who do not have the possibility (or do not want) to
control the reverse on their home computer network use a submission
server (their ISP's, a dedicated VM, services like gmail, etc.).

> A more sensible antispam filter might consider a mismatched reverse to
> be one potential factor in deciding whether a given message is "spam".
> In the absence of any other factors, it shouldn't be enough to reject
> a message.  But if the same message has other risk factors, then together
> they might be enough to justify that judgment.

Unfortunately postfix cannot do that (it just has
reject_unknown_client_hostname, but otherwise doesn't allow
the user to control how the information is obtained and used).

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
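
The check described in the message above (look up the reverse, then confirm that the returned name resolves back to the connecting IP address), as an added example that is not part of the original post. The function names are hypothetical, and the sample DNS data is constructed from documentation address ranges.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip via the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_addrs(name):
    """A/AAAA addresses for name via the system resolver."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except OSError:
        return []
    return [info[4][0] for info in infos]

def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (status, name); a name is returned only when it resolves back to ip."""
    client = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return ("no_ptr", None)
    for name in names:
        for addr in addr_lookup(name):
            try:
                # Compare parsed addresses so textual variants of one IP still match.
                if ipaddress.ip_address(addr) == client:
                    return ("verified", name.rstrip(".").lower())
            except ValueError:
                continue
    # The PTR value is set by whoever controls the IP block: never hand it to reputation rules.
    return ("mismatch", None)

# Constructed sample data (hypothetical names, documentation IP ranges).
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.org."],         # honest reverse
    "192.0.2.66": ["mail.reputable.example."],   # reverse claims a domain the sender does not own
}
SAMPLE_A = {
    "mail.example.org.": ["192.0.2.10"],
    "mail.reputable.example.": ["198.51.100.5"],
}

def check_sample(ip):
    """Run fcrdns against the constructed tables instead of live DNS."""
    return fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []), lambda n: SAMPLE_A.get(n, []))
```

A filter can reject on any status other than `verified`, or feed the status into a score alongside other factors, which are the two policies debated in the thread.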

