On 7/4/20 9:03 AM, tom@gather.coop wrote:
So I hope there is not an expectation that the rDNS domain match the email sender domain. If so I'm toast. Is it just sort of a smell test to see if the server looks legitimate?
Probably part of your confusion is the ambiguity of the term sender
which can refer to any of:
- the actual individual sending the original mail (the From: header)
- the envelope sender (the listname-bounces@listdomain address in the case of list mail)
- the sending server.
In the case of FCrDNS we're talking about the server (MTA) delivering the message to the recipient MX. I.e., that server's IP should have a PTR to its name and its name should have a A (or AAAA in the case of IPv6) record with the same IP. That's what FCrDNS implies.
Quoting from <https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS>:
"... the requirement is the forward and reverse lookup for the sending relay have to match, it does not have to be related to the from-field or sending domain of messages it relays."
It is also good if the name by which the MTA identifies itself (the myhostname setting in Postfix) is the same as the server's name. Quoting from the same article:
"Some e-mail mail transfer agents will perform FCrDNS verification on the domain name given on the SMTP HELO and EHLO commands. This can violate RFC 2821 and so e-mail is usually not rejected by default."
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan