Mail Server best practices - was: Pandora's Box of new TLDs

michael.dillon at michael.dillon at
Sat Jun 28 16:41:52 UTC 2008

> 	Requirement ?  What requirement ?  There's no requirement for
> 	reverse DNS for email in any RFC.  Not that RFCs are ideal references
> 	for mail operation in general.

You're right, documents published by an organization whose goal
is to design internetworking protocols are not the best place
to find operational advice. For that you would be better to go
to an organization like MAAWG which publishes this BCP:

On page 5 they do recommend matching reverse DNS and in
Appendix A they go on to state that RFC 1912 states that
all hosts on the Internet should have a valid rDNS entry.
Perhaps the RFC series doesn't have as many gaps as we think.

> 	"known-dynamic" is extremely up to debate.  Frankly, blacklisting
> 	entire /16s because individual customer PCs have been hijacked is
> 	absurd, but I guess collateral damage is acceptable.

If collateral damage is acceptable, then how is this
absurd? Once you accept that it is better to reject
good email than let bad email through, the game has
changed. It may end up by destroying the business usefulness
of the existing email architecture, but not without a
push from someone who has a better mousetrap.

> 	I'm not laying blame here, just pointing out that rejecting mail
> 	from IP addresses for which no PTR delegation exists is unwarranted,

This is, quite simply, wrong. It is warranted.

> 	Don't go preaching it as a best practice, though.

Too late, the MAAWG has already published this as a best practice
for quite some time. If you don't follow the MAAWG best practices
then you are not a serious email operator. If email is mission
critical to your business, then you really should be an MAAWG
member as well.

--Michael Dillon

P.S. I personally have nothing to do with the MAAWG although
my company is an active member.
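
The reverse DNS check debated in this thread, as an added example that is not part of the original message or of any MAAWG document. It assumes "matching" means that a PTR name for the connecting address resolves forward to that same address; the function names and sample records are constructed for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip via the OS resolver (needs network access)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_addrs(name):
    """A/AAAA addresses for name via the OS resolver (needs network access)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def check_rdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return ('no-ptr' | 'mismatch' | 'match', matching name or None)."""
    client = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "no-ptr", None           # the case the thread argues about
    for name in names:
        host = name.rstrip(".")
        for addr in addr_lookup(host):
            try:
                # Compare parsed addresses so IPv6 spellings normalise.
                if ipaddress.ip_address(addr) == client:
                    return "match", host
            except ValueError:
                continue                # ignore unparsable resolver output
    return "mismatch", None             # PTR exists but does not point back

# Constructed sample records (documentation address space, not real hosts).
SAMPLE_PTR = {"192.0.2.10": ["mail.example.net."],
              "192.0.2.20": ["host20.example.net."],
              "2001:db8::25": ["mx6.example.net."]}
SAMPLE_FWD = {"mail.example.net": ["192.0.2.10"],
              "host20.example.net": ["192.0.2.99"],
              "mx6.example.net": ["2001:0db8:0000:0000:0000:0000:0000:0025"]}

def classify_samples():
    """Run the check over the constructed records above, fully offline."""
    ptr = lambda ip: SAMPLE_PTR.get(ip, [])
    fwd = lambda name: SAMPLE_FWD.get(name.lower(), [])
    ips = ["192.0.2.10", "192.0.2.20", "192.0.2.30", "2001:db8::25"]
    return {ip: check_rdns(ip, ptr, fwd)[0] for ip in ips}

if __name__ == "__main__":
    for ip, verdict in classify_samples().items():
        print(ip, verdict)
```

Whether "no-ptr" or "mismatch" leads to rejection, deferral or only a scoring penalty is a local policy decision, which is the point the thread disputes.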
