On Sun, 2011-07-17 at 11:06 -0600, Devin Reade wrote: > That's fine if your check is that a reverse DNS entry exists, > or that the HELO/ELHO exists in forward DNS or, if your MTA is > smart enough, it does a reverse-forward* check, but if > you only check that the HELO/ELHO matches the reverse entry > then you're blocking a bunch of valid mailers because there is > no specification requirement that those two match (and they don't > in the general case). What is the point of some super stupid over-paid Computer Professional (usually a Windoze lover) configuring his or her (although women are more careful than men) mail server to send emails with false credentials ? Example: HELO/EHLO my identity is stupid.example.com when that server is operating on IP address xxx.yyy.zzz.aaa and stupid.example.com has a DNS 'A' record for IP address bbb.eee.sss.ttt ? Incidentally the mail server's IP address xxx.yyy.zzz.aaa has a host name of ridiculous.example.com > you're blocking a bunch of valid mailers What is 'valid' in this situation ? > there is no specification requirement that those two match > (and they don't in the general case). When you telephone someone from your office, do you usually give a false name and contact telephone number ? No, of course you do not. Why tolerate false details from a source who is often a spammer. Mail Admins should unite against spammers not deliberately emulate them. Here a a few examples: http://sys.u226.com/t21/t21p003.php -- With best regards, Paul. England, EU.