Mail Server best practices - was: Pandora's Box of new TLDs
Phil Regnauld
regnauld at catpipe.net
Sat Jun 28 18:02:13 UTC 2008
michael.dillon at bt.com (michael.dillon) writes:
>
>
> http://www.maawg.org/about/MAAWG_Sender_BCP/MAAWG_Senders_BCP_Combine.pdf
Thanks for the pointer. I don't necessarily agree with all of it,
but it's definitely a good reference.
I just get irritated by actions that penalize end users who feel they
don't have other options other than just using some horrible webmail
service, because their operator/ISP is clueless. I do make a
distinction.
> On page 5 they do recommend matching reverse DNS and in
> Appendix A they go on to state that RFC 1912 states that
> all hosts on the Internet should have a valid rDNS entry.
Indeed it does, but rejecting a mail based on a missing PTR
is still arbitrarily useless (and I'm speaking in terms of
volume of spam emanating from hosts with a missing PTR, vs
spam origination from hosts that do have a PTR).
> Perhaps the RFC series doesn't have as many gaps as we think.
For mail operations, we're half a galaxy away from "be conservative
in what you send, be liberal in what you accept".
> > absurd, but I guess colateral damage is acceptable.
>
> If collateral damage is acceptable, then how is this
> absurd?
Apologies, I was being sarcastic.
> Once you accept that it is better to reject
> good email than let bad email through, the game has
> changed. It may end up by destroying the business usefulness
> of the existing email architecture, but not without a
> push from someone who has a better mousetrap.
Yep.
> This is quite simply, wrong. It is warranted.
Not agreeing :) But fair enough, any site is allowed to operate
mail the way it wants.
> > Don't go preaching
> > it as a best practice, though.
>
> Too late, the MAAWG has already published this as a best practice
> for quite some time. If you don't follow the MAAWG best practices
> then you are not a serious email operator. If email is mission
> critical to your business, then you really should be an MAAWG
> member as well.
We work for several customers and operate large mail installations.
We implement quite a few requirements that are fairly strict, but
rejecting based on missing PTR is not one of them.
Neither is blacklisting entire TLDs for that matter, but I digress.
I still feel like a serious mail operator, just because I don't
conclude that I as the receiver should reject mail from a host with
a missing PTR, because the MAAWG *Senders* BCP says that hosts
should have a reverse.
Phil
More information about the NANOG
mailing list