[dns-operations] Trustworthiness of PTR record targets

Jothan Frakes jothan at gmail.com
Tue Mar 4 19:29:16 UTC 2014


I totally concur on PTR = nice but not really trusted.

I can example it as being an accessory in determination of trust, though.

As a component of trust heuristics, on SMTP mailers that are 'first hop',
some mailers look for a direct match between the MX and the A record
returned for _HOSTNAME_ and the _HOSTNAME_ returned for the PTR on the
in-addr.arpa for that A record when choosing to receive email or not from
an unknown IP address.

I said that all wierd, perhaps this says it better:


chocolate-chunnel.example. IN MX 10 mx.chocolate-chunnel.example.
(CALL THIS "A")
mx.chocolate-chunnel.example. IN A 1.2.3.4
             (CALL THIS "B")


4.3.2.1.in-addr.arpa. IN PTR mx.chocolate-chunnel.example.
     (CALL THIS "C")

IP of connecting Hostname of SMTP connection  (CALL THIS "D")
Hostname in HELO of SMTP session (CALL THIS "E")
FQDN in FROM of SMTP session (CALL THIS "F")


Recipient MX would look at parity of these elements (ie D=A & E=F=B=C)

Spammers are typically lazy about rotating the hostname of sender and they
don't make the carpet match the drapes and pillows, so to speak.   If they
all match, it impacts the heuristics.


Jothan Frakes
+1.206-355-0230 tel
+1.206-201-6881 fax


On Tue, Mar 4, 2014 at 10:28 AM, Doug Barton <dougb at dougbarton.us> wrote:

> The OP specifically said "anti-spam providers" in the context of "is there
> a risk that the target domain could be blacklisted by anti-spam providers?"
>
> I am assuming that everyone here (including the OP) knows that specific
> anti-spam solutions that you would run on your mail servers look for valid
> PTRs, but that would seem to be a different thing entirely from what the OP
> seems to be asking about.
>
> ... so I revert to my original point, which is that it's hard to answer
> the OP's question intelligently without knowing more about what he's asking.
>
> Doug
>
>
>
> On 03/04/2014 10:06 AM, WBrown at e1b.org wrote:
>
>> Doug wrote on 03/04/2014 12:48:03 PM:
>>
>>  2. In my experience (which is not thorough, but also not zero) anti-spam
>>>
>>
>>  folks are completely uninterested in what's in the PTR, and generally do
>>>
>>
>>  not do any blacklisting by domain name in the sense you seem to mean.
>>>
>>
>> Not exactly true.  Many insist that there is a valid PTR record.  Some
>> care that it has a valid name, and that the forward lookup for that name
>> matches.
>>
>> RBLs however, only look at IP address.
>>
>>
>>
>> Confidentiality Notice:
>> This electronic message and any attachments may contain confidential or
>> privileged information, and is intended only for the individual or entity
>> identified above as the addressee. If you are not the addressee (or the
>> employee or agent responsible to deliver it to the addressee), or if this
>> message has been addressed to you in error, you are hereby notified that
>> you may not copy, forward, disclose or use any part of this message or any
>> attachments. Please notify the sender immediately by return e-mail or
>> telephone and delete this message from your system.
>>
>>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20140304/d326e1da/attachment.html>


More information about the dns-operations mailing list