2004-11-16

"Memo bis punitor delicatum"

Bill Gradwohl posts his opinion about SMTP servers doing reverse DNS lookups:

"We had to disable DNS checking because we had so many incidents of legitimate sites with broken DNS that the deny's [sic] were becoming a political problem with our end users.

"A large percentage of the broken DNS sites were city, county, and state government, and from past experience recommending they fix their DNS is a waste of time. The Texas courts are using email as though it were a guaranteed delivery mechanism to schedule cases, and in general keep the parties up to date on events. Refusing one of their mails, regardless the reason, has serious consequences. The courts [sic] decision to declare email a guaranteed delivery mechanism also means that you can't refuse any mail from any law firm if you are a party to a proceeding."

Pay attention to this: the Texas state judicial system doesn't believe that PTR records are necessary for delivering messages over SMTP. This has the expected ripple effect; if Texas courts don't follow reverse DNS lookup guidelines, Texas law firms can't reject such non-conforming mail transfers on their end, nor can their clients, and so on down the line. And you know what? The Texas judicial system is right.

Reverse DNS lookups are bad, m'kay? The key phrase to pay attention to here is "legitimate sites with broken DNS", of which there are plenty. You certainly may flag such messages as suspect, but for some retarded reason every implementation of a reverse DNS lookup I've ever seen drops the connection after a failure. Way to go, jackasses. RFC 2821, section 4.1.4 considers this a violation:

"An SMTP server MAY verify that the domain name parameter in the EHLO command actually corresponds to the IP address of the client. However, the server MUST NOT refuse to accept a message for this reason if the verification fails: the information about verification failure is for logging and tracing only."

Let this be a lesson to you. Especially you idiots in Texas who still swear by reverse DNS lookups:

"It's all there, black and white, clear as crystal! You stole fizzy lifting drinks! You bumped into the ceiling which now has to be washed and sterilized, so you get nothing! You lose! Good day, sir!"
— He must have gone to Harvard Law, Willy Wonka and the Chocolate Factory
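A flag-but-accept version of the check, as an added example that is not from the original post: it compares the EHLO name and the PTR record against the client IP and only produces a trace header. The header name `X-DNS-Check`, the function names and the sample zone (documentation addresses, example domains) are assumptions made for illustration.

```python
import socket

# Constructed sample zone (documentation addresses, example domains).
SAMPLE_PTR = {"192.0.2.10": "mail.example.org"}
SAMPLE_A = {"mail.example.org": {"192.0.2.10"},
            "courts.example.gov": {"192.0.2.77"}}   # sends mail, has no PTR

def system_ptr(ip):
    """PTR lookup via the system resolver; hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_addrs(name):
    """Forward lookup via the system resolver; set of addresses."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_client(client_ip, ehlo_name, ptr=system_ptr, addrs=system_addrs):
    """Classify the client's DNS state. There is no 'reject' outcome:
    the result is for logging and tracing only (RFC 2821, 4.1.4)."""
    ehlo = ehlo_name.rstrip(".").lower()
    if ehlo.startswith("["):                  # IPv4 address literal
        ehlo_ok = ehlo.strip("[]") == client_ip
    else:
        ehlo_ok = client_ip in addrs(ehlo)
    ptr_name = ptr(client_ip)
    if ptr_name is None:
        rdns = "none"
    elif client_ip in addrs(ptr_name):
        rdns = "confirmed"                    # PTR name maps back to the IP
    else:
        rdns = "unconfirmed"
    return {"ehlo": "match" if ehlo_ok else "mismatch",
            "rdns": rdns, "ptr": ptr_name}

def trace_header(client_ip, ehlo_name, **resolvers):
    """Header (hypothetical name) added to the message, which is accepted."""
    r = check_client(client_ip, ehlo_name, **resolvers)
    return "X-DNS-Check: ehlo=%s; rdns=%s; ptr=%s; client-ip=%s" % (
        r["ehlo"], r["rdns"], r["ptr"] or "-", client_ip)

if __name__ == "__main__":
    stub = {"ptr": SAMPLE_PTR.get, "addrs": lambda n: SAMPLE_A.get(n, set())}
    print(trace_header("192.0.2.10", "mail.example.org", **stub))
    print(trace_header("192.0.2.77", "courts.example.gov", **stub))
```

A content filter or a human can weigh `rdns=none` later; the SMTP session itself never ends on it.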
