IPv6 automatic reverse DNS

Keith Medcalf kmedcalf at dessus.com
Sat Oct 29 15:44:55 UTC 2016



On Friday, 28 October, 2016 19:37, Steve Atkins <steve at blighty.com> wrote:

> > On Oct 28, 2016, at 6:04 PM, Karl Auer <kauer at biplane.com.au> wrote:

> >> 1b) anti spam filters believe in the magic of checking
> >> forward/reverse match.

> > Someone in this thread said that only malware-infested end-users are
> > behind IP addresses with no reverse lookup. Well - no. As long as we
> > keep telling anyone who isn't running a full-bore commercial network to
> > "consume, be silent, die", we are holding everyone back, including
> > ourselves.
 
> If you send mail over IPv6 from an address with no reverse DNS you
> will see quite a lot of this sort of thing:
 
> 550 5.7.1 [*] Our system has detected that this message
> 5.7.1 does not meet IPv6 sending guidelines regarding PTR records and
> 5.7.1 authentication. Please review
> 5.7.1 https://support.google.com/mail/?p=ipv6_authentication_error for more
> 5.7.1 information.

> > It's fine to use no-reverse-lookup as a component of a spamminess
> > score. It's not OK to use it as proof of spamminess.
 
> People running large mailservers made that decision some time
> ago. Disagreeing with them won't make them accept your email.

Actually, it was *long* before that.  I think it is STD 1 or STD 2 -- requirements for connecting a host to the internet.  All "deliberate" Internet hosts performing useful functions should have matching forward and reverse DNS and should expect to be labelled as "untrustworthy in the extreme" if they do not.  Assigning meaning to the resolved DNS name (embedded parts) is what came much later.
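
The forward/reverse match discussed in this thread, as an added example that is not part of any poster's message: a receiver-side check that tells "no PTR at all" apart from "PTR whose name does not resolve back to the connecting address". The function names, the injectable lookup parameters and the sample records (documentation prefix 2001:db8::/32, example.net) are assumptions made for illustration.

```python
import ipaddress
import socket

def ptr_name(addr):
    """Name queried for the PTR record (nibble format under ip6.arpa for IPv6)."""
    return ipaddress.ip_address(addr).reverse_pointer

def _system_ptr(addr):
    # Reverse lookup through the system resolver; empty list when no PTR exists.
    try:
        return [socket.gethostbyaddr(addr)[0]]
    except OSError:
        return []

def _system_forward(name):
    # Forward lookup (A and AAAA) through the system resolver.
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(addr, lookup_ptr=_system_ptr, lookup_forward=_system_forward):
    """Return ('no-ptr' | 'mismatch' | 'match', confirmed_name_or_None)."""
    ip = ipaddress.ip_address(addr)
    names = lookup_ptr(str(ip))
    if not names:
        return "no-ptr", None
    for name in names:
        for fwd in lookup_forward(name):
            try:
                # Compare parsed addresses so differently written forms still match.
                if ipaddress.ip_address(fwd.split("%")[0]) == ip:
                    return "match", name.rstrip(".")
            except ValueError:
                continue  # resolver returned something that is not an address
    return "mismatch", None

# Constructed sample zone data, so the check runs offline.
SAMPLE_PTR = {
    "2001:db8::25": ["mail.example.net."],
    "2001:db8::66": ["mail.example.net."],  # PTR claims a name it does not own
}
SAMPLE_AAAA = {"mail.example.net.": ["2001:0db8:0000:0000:0000:0000:0000:0025"]}

def sample_check(addr):
    return fcrdns(addr, lambda a: SAMPLE_PTR.get(a, []),
                  lambda n: SAMPLE_AAAA.get(n, []))
```

Whether each of the three outcomes feeds a score or causes an outright rejection is the policy choice the posters above disagree on; the check itself only reports which case applies.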








