Incoming SMTP in the year 2017 and absence of DKIM

Owen DeLong owen at
Thu Nov 30 17:57:56 UTC 2017

> On Nov 30, 2017, at 09:03 , Steve Atkins <steve at> wrote:
>> On Nov 30, 2017, at 1:22 AM, Bjørn Mork <bjorn at> wrote:
>> "John Levine" <johnl at> writes:
>>> Broken rDNS is just broken, since there's approximately no reason ever
>>> to send from a host that doesn't know its own name.
>> rDNS is not a host attribute, and will therefore tell you exactly
>> nothing about the host.
> It tells you something about the competence of the operator and
> whether the host is intended by the owners to send email.
> Or, for a more empirical way to look at it, there's reasonable correlation
> between having missing, generic or incorrect reverse DNS and the host
> being a source of unwanted or malicious email.

I’m not so sure about that.

Lots of hosts that send unwanted/malicious email have missing, generic, or obviously incorrect rDNS.
Lots of hosts that send unwanted/malicious email have valid non-generic possibly correct rDNS.

I don’t accept email from the former, but I still get plenty of SPAM from the latter.

Unfortunately, until we get widespread deployment of something better than IP reputation based
systems, SPAM continues to be a low-cost to the sender side with a high burden on the delivery side
and therefore remains a very profitable industry.

DKIM certainly could help (though I’m not convinced it’s a 100% effective solution, nor am I
particularly convinced we’ve found any particularly effective solutions as yet.

Perhaps this is simply the inherent cost of maintaining an open communications infrastructure with
a low barrier to entry and the potential for anonymous communications which I believe has value
to society and should be preserved. Perhaps someone smarter than I will some day develop a better


More information about the NANOG mailing list