On Wednesday, September 20, 2006 5:48 PM -0500, John Kelly wrote:

> On Wed, 20 Sep 2006 18:01:38 -0500, "Seth Goodman"
> <[EMAIL PROTECTED]> wrote:
>
> > > require matching DNS, forward and reverse

<...>

> > some large servers won't use it.
>
> I don't know of any. But if there really are some sending
> legitimate mail, I would be interested in collaborating to maintain
> a whitelist of them. Need to be LARGE though, to be worthwhile.

This is large system receiving policy, not the large system configuration. All the large senders I know about have properly configured DNS. There are far too many small MTA's with misconfigured DNS, however, for a large MTA to ban without a steady stream of customer complaints. You seem aware of this problem in your later post:

On Thursday, September 21, 2006 9:53 AM -0500, John Kelly wrote:

> The improper DNS false positive rate is low, less than 2%. Admins
> must accept some collateral damage, if they expect to win the war.

It's a pity, but very few people think in terms of winning the spam war anymore. Most systems would consider this false positive rate unusable by a large margin. The larger the provider, the less workable this solution. While I would love to have this be an absolute requirement for SMTP, there are too many incompetently administered systems from which you must accept mail, and large parts of the developing world do not routinely delegate rDNS. This is a nasty problem that won't go away quickly.

> There is resistance to this idea, because some admins fear losing
> any legit mail. But given that the false positive rate is low, it
> should be feasible to develop and maintain a whitelist of
> legitimate mail servers lacking proper DNS. I'm not volunteering,
> but it's an idea that has merit.

This works fine for small systems but doesn't scale. Admins can't be bothered whitelisting everyone's one or two correspondents with broken DNS, and almost everyone has some, even in the developed world. Customers will not tolerate _their_ correspondent's mail being blocked when those systems are not abusing any networks.

> The list may also urge offending admins to set up proper DNS, like
> when newspapers publish a shame list of people who have not paid
> their property tax.

We already have rfc-ignorant and it is widely ignored. The only people who care are the ones who would never get on that list in the first place.

--
Seth Goodman
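
The receiving policy debated in this thread (forward and reverse DNS must match, with a whitelist for legitimate senders that fail the check), sketched as an added example that is not code from either poster. The lookup functions, the whitelist and every address and hostname below are constructed assumptions; a temporary DNS failure is deferred rather than rejected so that resolver outages do not add to the false positives.

```python
import ipaddress

# Constructed sample DNS data (documentation ranges) standing in for real lookups.
PTR = {
    "192.0.2.10": ["mail.example.org."],
    "192.0.2.20": ["host20.example.net"],   # PTR exists, forward points elsewhere
    "198.51.100.7": [],                     # rDNS never delegated
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "host20.example.net": ["203.0.113.99"],
}
# Hypothetical whitelist of known-legitimate senders with broken DNS.
WHITELIST = [ipaddress.ip_network("198.51.100.0/24")]

def sample_ptr(ip):
    if ip == "203.0.113.5":                 # constructed resolver outage
        raise TimeoutError("PTR lookup timed out")
    return PTR.get(ip, [])

def sample_a(name):
    return A.get(name, [])

def fcrdns(ip, ptr_lookup, a_lookup):
    """Forward-confirmed reverse DNS: some PTR name must resolve back to ip."""
    client = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return "no_ptr", None
    for name in names:
        if any(ipaddress.ip_address(a) == client for a in a_lookup(name)):
            return "match", name
    return "mismatch", names[0]

def decide(ip, ptr_lookup=sample_ptr, a_lookup=sample_a, whitelist=WHITELIST):
    """Map the DNS result to a receiving-policy action for one client IP."""
    try:
        status, _ = fcrdns(ip, ptr_lookup, a_lookup)
    except TimeoutError:
        return "defer"                      # temporary failure: retry later
    if status == "match":
        return "accept"
    if any(ipaddress.ip_address(ip) in net for net in whitelist):
        return "accept-whitelisted"
    return "reject"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "198.51.100.7", "203.0.113.5"):
        print(ip, decide(ip))
```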