Ljubomir Ljubojevic office@plnet.rs wrote:
I use it too. Reverse-DNS check is best SPAM repellent there is. Only mail from properly set mail servers is accepted.
That's fine if your check is that a reverse DNS entry exists, or that the HELO/ELHO exists in forward DNS or, if your MTA is smart enough, it does a reverse-forward* check, but if you only check that the HELO/ELHO matches the reverse entry then you're blocking a bunch of valid mailers because there is no specification requirement that those two match (and they don't in the general case).
(*) reverse-forward here means do a reverse lookup on the connecting IP, then doing a forward lookup on the result, and then ensure that original IP is one of the 'A' records resolved from the forward lookup.
Devin