Conventions about sending email

Posted on 2004-12-01
Last Modified: 2013-12-18
Hi all,

I'm having an argument with a company who is claiming that there are new conventions concerning sending email using SMTP.
Our email relay server can't be reached using a reverse lookup and we don't want that, but some companies only accept mail when the reverse lookup is enabled.

What's your opinion? Where can I find the conventions about sending email over the internet?

Regards,

Bob
Question by:oosterbaan
9 Comments
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 12715546
As far as I know, this convention is self-imposed by the provider. Nevertheless, it is common practice by now to do a reverse lookup. Why do you not want your server to be found?
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 12715719
0
 
LVL 1

Author Comment

by:oosterbaan
ID: 12715900
Hi Sjef,

I know, maybe it's obsolete to "hide" the name of your mail relay for security reasons, but I'm not the network guy, who doesn't want to use the reverse lookup (-:

What I'm looking for is a "hard copy" of some conventions where this "problem" is described, so I can confront the other company, who is rejecting our mail, or our network boys!

Regards,

Bob
0
 
LVL 3

Expert Comment

by:xp_commander
ID: 12716510
I don't know if this is relevant to your problem or need, but a very interesting read: http://spf.pobox.com/index.html
0
 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 100 total points
ID: 12717734
Digging up the network configuration of your environment is easily done. Using Linux, you can retrieve the outside DNS information using the domain name with one command. So if you give your mail address, please... ;)

I participated in a question quite recently, about an external service that receives mail, does some de-spamming and de-virusing, and then sends it on to the real mail-server through a secure connection. I'll be a bean if I can remember what the service was (poor Dutchism). I'll try to find it, if you think it's interesting.

To get more response, I think you should place additional 20 point questions in other TA's that discuss mail, like Networking. Put a link in that question to this question.
0
 
LVL 31

Assisted Solution

by:qwaletee
qwaletee earned 200 total points
ID: 12717812
It is becoming more common practice, and I think all the engineers who institute the policy are security crazies.

It is an effort to cut back on spam and viruses that spread like spam.  However, it ends up, in overly broad strokes, cutting out many smaller companies and people with personal domains, depending on the level of check.

Some examples of varying checks:

1) Sending SMTP server has no in-arpa record -- this should not happen. If you have your own dedicated T1 or better circuit, with your own static IP address, you should be able to assign an in-arpa. If you are using an IP address assigned and owned by your ISP, whether dynamic or static, that ISP really ought to register the in-arpa. I agree with rejections of this sort. If your ISP won't cooperate, get a different ISP.

2) Sending server has an in-arpa that does not match your e-Mail domain. Stupidest check you could conduct. You would only have one in-arpa record for the IP, and if the SMTP server at that address supports multiple domains, there is no way to satisfy the requirement.

3) Server must have matching MX record for domain. I'm mixed on this one, because it means you must put all your outbound SMTP servers as inbound as well. Though you can manage this with MX priority in your zone records, nevertheless, it means those servers have to expect to accept inbound messages.

4) Sender ID (that's the pobox solution) -- special TXT records in DNS indicate where all your outbound mail will be sourced; any messages claiming to be from an address in your domain but arriving from an SMTP server not listed in sender ID will be rejected. If the receiver does not accept mail from domains without sender ID available, they must be mad, because most domains do not have sender ID yet. For domains with sender ID, this makes perfect sense. Just be aware, if you set up sender ID, to always be darn careful to update it BEFORE you add/change a mail server... because a good deal of your outbound mail will get rejected if you ever mess this up.

5) Do not accept mail without HELO (the HELO command starts most SMTP sessions, and includes the FQHN of the sender) -- agree with this wholeheartedly.

6) Do not accept mail if the HELO's FQHN does not resolve to the IP address of the sending SMTP. I also agree with this. If you have a static IP address, it is no problem whatsoever. If you have a dynamic IP, you are in trouble, but you can use a dynamic DNS server, such as DynDNS.org. Of course, every time your IP address is changed, there is a window between the change and the dynamic DNS update, and messages sent during that period will fail. In addition, because of DNS caching, this period can be longer than you think. Don't forget -- the dynamic DNS providers typically set TTL to zero or a very low number, but upstream DNS servers often specify a minimum cache time of 2 hours, 6 hours, or a day. Sorry, Charlie, but you probably should move SMTP, FTP, and HTTP servers to static addresses.

Did I leave anything out? I think there are a couple of other variants for these checks.
0
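As an added example (not code from this thread or from any of the posters), the sketch below applies checks 1, 2, 5 and 6 from the answer above to a sending host, so a mail admin can see which receiver policies their own relay would fail. The function names and the sample records are constructed for illustration; the resolvers are injectable so the sample cases run without live DNS.

```python
import socket

def ptr_names(ip):
    """Live PTR lookup; [] means no in-addr.arpa record exists (check 1)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def a_records(host):
    """Live forward lookup; the set of addresses the name resolves to."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def audit_sender(ip, helo, mail_domain, ptr=ptr_names, fwd=a_records):
    """Apply checks 1, 2, 5 and 6 from the answer to one sending SMTP host."""
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    helo = (helo or "").rstrip(".").lower()
    domain = mail_domain.rstrip(".").lower()
    return {
        "1_has_ptr": bool(names),
        "2_ptr_in_mail_domain": any(n == domain or n.endswith("." + domain) for n in names),
        "5_helo_given": bool(helo),
        "6_helo_resolves_to_ip": bool(helo) and ip in fwd(helo),
    }

# Constructed zone data using documentation address ranges, not real hosts.
SAMPLE_PTR = {"192.0.2.25": ["mail.example.net."]}
SAMPLE_A = {"mail.example.net": {"192.0.2.25"}, "home.example.com": {"198.51.100.99"}}

def audit_sample(ip, helo, mail_domain):
    """Run the audit against the constructed records instead of live DNS."""
    return audit_sender(ip, helo, mail_domain,
                        ptr=lambda i: SAMPLE_PTR.get(i, []),
                        fwd=lambda h: SAMPLE_A.get(h, set()))

if __name__ == "__main__":
    # One relay serving two domains, then a dynamic-IP host with a stale DNS entry.
    for args in [("192.0.2.25", "mail.example.net", "example.net"),
                 ("192.0.2.25", "mail.example.net", "example.org"),
                 ("198.51.100.7", "home.example.com", "example.com")]:
        print(args, audit_sample(*args))
```

The second sample case shows the problem described under check 2: the same relay passes checks 1, 5 and 6 for every domain it serves, but can satisfy check 2 for only one of them.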
 
LVL 4

Assisted Solution

by:jjpaton
jjpaton earned 200 total points
ID: 12722476

The reverse lookup is becoming a very popular spam prevention technique, but it does result in a lot of false-positives. Is it part of RFC compliance? Not sure on that, but I don't think so. Either way you are best to set it up as a lot of companies and even some ISPs are starting to use it.

You could check the RFCs for SMTP. RFC2821 gives SMTP detail at this link ... http://www.faqs.org/rfcs/rfc2821.html

GL :)
0
 
LVL 1

Author Comment

by:oosterbaan
ID: 12724032
Hey guys,

Split up the points and made a mistake in the "Accepted" and the "Assisted" status of the answer!
Can't change that, but thanks guys for the info!

Regards,

Bob
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 12732314
JJ,

RFC does not require that the receiving server do this check.  I don't recall whether "truthful" HELO is required or just strongly suggested.  I think it actually wasn't clear, just saying that the token following HELO is the sending SMTP agent's FQHN.
0
