On Thu, 4 Oct 2018 01:29:11 -0400 Adam Katz wrote:
> The ptr mechanism in SPF is officially “do not use” right in the spec
> <https://tools.ietf.org/html/rfc7208#section-5.5>; PTR records aren’t
> vetted (any network operator can assign literally any rDNS to their
> IPs), so it trivializes forgery that would elicit an SPF pass.

It is marked as "do not use" because it is slow, and it's more sensitive to packet loss, not because it can be forged. The implementation is required to check that the DNS is full-circle by performing A-record look-ups on the rDNS result(s).
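
The full-circle check discussed in the message above, as an added example (not part of the original message and not taken from any SPF library). The DNS tables and the `lookup_ptr`/`lookup_addr` helpers are constructed stand-ins for real queries, using documentation address ranges.

```python
import ipaddress

# Constructed sample DNS data (documentation ranges; not real records).
PTR_RECORDS = {
    "192.0.2.10": ["mail.example.com."],
    "203.0.113.5": ["mail.example.com."],   # rDNS chosen by the IP's operator
    "198.51.100.7": ["mx.badexample.com."],
}
ADDR_RECORDS = {
    "mail.example.com": ["192.0.2.10"],
    "mx.badexample.com": ["198.51.100.7"],
}
MAX_PTR_NAMES = 10  # RFC 7208: PTR names beyond the first 10 are ignored


def norm(name):
    return name.rstrip(".").lower()


def lookup_ptr(ip):        # hypothetical stand-in for a reverse DNS query
    return PTR_RECORDS.get(ip, [])


def lookup_addr(name):     # hypothetical stand-in for an A/AAAA query
    return ADDR_RECORDS.get(norm(name), [])


def validated_names(ip, ptr_lookup=lookup_ptr, addr_lookup=lookup_addr):
    """Return the PTR names whose forward lookup includes the connecting IP."""
    client = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr_lookup(ip)[:MAX_PTR_NAMES]:
        try:
            addrs = addr_lookup(name)
        except LookupError:  # a failed forward lookup skips that name only
            continue
        if any(ipaddress.ip_address(a) == client for a in addrs):
            confirmed.append(norm(name))
    return confirmed


def ptr_matches(ip, target, ptr_lookup=lookup_ptr, addr_lookup=lookup_addr):
    """SPF 'ptr' match: a validated name equals target or is a subdomain of it."""
    target = norm(target)
    return any(n == target or n.endswith("." + target)
               for n in validated_names(ip, ptr_lookup, addr_lookup))
```

Here `203.0.113.5` carries a PTR record naming `mail.example.com`, but the forward lookup does not return that address, so the name is never validated; `mx.badexample.com` validates but does not match `example.com` because the comparison is on a label boundary.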