On Fri, 25 Feb 2011 12:57:39 +0000 Martin Gregorie <[email protected]> wrote:
> However, the thing I hadn't seen before is that its IP, 208.115.216.98 > resolves to 98-216-115-208.static.reverse.lstn.net > So, is this a normal, expected reverse DNS result that I just haven't > seen before or is it intended to trick MTAs into thinking that the > reverse DNS lookup was successful? If the latter is the case, is there > some way of writing a rule to detect it? It's not a trick. The more responsible providers create PTR records for all of their addresses and they often use a template so they don't need to come up with actual machine names. There are some rules to try to detect this kind of thing, but I don't think they are very effective. There are plenty of business cable and DSL providers with legitimate MTAs on IPs that reverse to a stereotyped host name. Regards, David.
