Boris Lorenz wrote:
I agree with you to some extend.
My 0.02c: A host with a broken FQDN or no FQDN at all should *not* be allowed to take part in normal smtp traffic. If some admin/provider/whatever is unable to create proper forward and reverse DNS and MX zones/entries for a domain, he/she should go baking cookies for christmas instead, sorry.
thats also my point of view, but if you're in a business, you can't deal this way. Your Customers NEED to contact you. Many of them are not able to configure DNS the right way. So if you block them, you'll never get their money ;)
The benefits of blocking unresolveable/badly named hosts outweight the occassional loss of some dude@<enter your fav crappy fqdn here>.com-mails.
ack.
If I would let pass mails with unresolveable/suspicious domains, I would get roughly 50% more spam than with the block. half ack. many spam is delivered over 'good' configurated mailservers WITH fqdn and reverse DNS. You have to deal with it. grep your logs after connections from unknown hosts and look how many legitimate mail is included.
If I have the time, I usually drop the domain admins a lil' mail, informing them about their DNS problems.
good. that can also be done by a script. the problem is that many domain admins aren't agree with you :( Things like: 'your mailsetup is broken, the sender domain exists and has a/mx records.' are the most used respons ;)
I may be anal about this, but thanks to these and other strict precautions, our spam traffic volume is near zero.
Spam filtering is not easy, you need really to figure out how many spam and how many legitimate mail youre blocking. if thats ok for you to block 1-5 good ppl and 10-50 bad ppl, do it :) just my 0.02c -- intraDAT AG http://www.intradat.com Wilhelm-Leuschner-Strasse 7 Tel: +49 69-25629-0 D - 60329 Frankfurt am Main Fax: +49 69-25629-256 Junk mail is war. RFCs do not apply.