Ask Slashdot: Is Reverse DNS a Worthy Standard For Fighting Spam?

drmartin66 makes it to the front page with this question: "Last weekend I installed a new spam filter server for a client, and enabled connection rejection if the sending server did not have a Reverse DNS record. Since then, I have had a number of emails rejected from regulator bodies that do not have a Reverse DNS record, and are refusing to have one created for their email server. What is your opinion of Reverse DNS records? Are they (or should they be) a standard, and required? Or are they useless for spam fighting?"

Re:Depends on how badly you want mail....

[Just+Some+Guy]

It's been a long time since I wrote up some spam-filtering instructions, but I'd still stand by most of my recommendations. In general, yes: just increase the spam score. I do have several litmus tests, though. If you fail one of these, I'm not accepting your mail:

• Your HELO has to send something that actually looks like a hostname. "server" doesn't work, and neither does "5626^^^". Rationale: a server this badly misconfigured is either a spambot or so horribly broken that I don't want to talk to it. I look at the output of this rule from my logs and I've literally never seen anything blocked that looked like it might have been legitimate.
• Don't send me my own hostname in the HELO. You're lying. The only reason to do this is to trick me into relaying for you.
• Don't send mail From: an unresolvable address. "someone@server" isn't a legitimate email address. Neither is "joe@nonexistent.example.com". If it would be impossible to send you a reply because the address you've given can't possibly be valid, I don't need to hear from you.
• I use zen.spamhaus.org, bl.spamcop.net, and b.barracudacentral.org to generate a likely spam score for incoming servers. If their combined score exceeds a certain threshold, I outright block email from that server. A server might accidentally end up on a blacklist, but it's unlikely that one would accidentally end up on more than one of those (in my opinion and experience) very conservative lists.

"Be liberal with what you accept" is a great idea to a point, but there are some things that correlate very strongly with spamminess. Back to the subject at hand: I don't think that lack of reverse DNS is one of those things.