Conventions about sending email

Hi all,

I'm having a argument with a company who is claiming that there are new conventions concerning sending email using SMTP.
Our email relayserver can't be reached using a reverse lookup and we don't want that, but some companys only accept mail when the reverse lookup is enabled.

What's your opinion? Where can I find the conventions about sending email over the internet?

Regards,

Bob
LVL 1
oosterbaanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sjef BosmanGroupware ConsultantCommented:
As far as I know, this convention is self-imposed by the provider. Nevertheless, it is common practice by now to do a reverse lookup. Why do you want that your server cannot be found?
0
Sjef BosmanGroupware ConsultantCommented:
0
oosterbaanAuthor Commented:
Hi Sjef,

I know, maybe it's obsolete to "hide" the name of your mailrelay for security reasons, but I'm not the network guy, who don't want to use the reverse lookup (-:

What I'm looking for is a "hard copy" of some conventions where this "problem" is described, so I can confront the other company, who is rejecting our mail, or our network boys!

Regards,

Bob
0
Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

xp_commanderCommented:
I don't know if this is relevent to your problem or need , but a very interesting read :-  http://spf.pobox.com/index.html
0
Sjef BosmanGroupware ConsultantCommented:
Digging up the network configuration of your environment is easily done. Using Linux, you can retrieve the outside DNS information using the domain name with one command. So if you give your mail address, please... ;)

I participated in a question quite recently, about an external service that receives mail, does some de-spamming and de-virusing, and then sends it on to the real mail-server through a secure connection. I'll be a bean if I can remember what the service was (poor Dutchism). I'll try to find it, if you think it's interesting.

To get more response, I think you should place additional 20 point questions in other TA's that discuss mail, like Networking. Put a link in that question to this question.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
qwaleteeCommented:
It is becoming more common practice, and I think all the engineers who institute the policy are security crazies.

It is an effort to cut back on spam and viruses that spread like spam.  However, it ends up, in overly broad strokes, cutting out many smaller companies and people with personal domains, depending on the level of check.

Some examples of varying checks:

1) sending SMTP server has no in-arpa record -- this shoudl not hapen.  if you have your own dedicated T1 or better circuit, with your own static IP address, you shoudl be able to assign an in-arpa.  If you are using an IP address assigned and owned by your ISP, whether dynamic or static, that ISP really ought to register the in-arpa.  I agree with rejections of this sort.  If your ISP won't cooperate, geta  different ISP.

2) sending server has an in-arpa that does not match your e-Mail domain. Stupidest check you could conduct.  You woudl only have one in-arpa record for the IP, and if the SMTYP server at taht address supports multiple domains, there is no way to satisfy the requirement.

3) server must have matching mx record for domain.  I'm mixed on this one, beacuse it means you must put all your outbound SMTP servers as inbound as well. Though you can manage this with MX priority in your zone records, nevertheless, it means those servers have to expect to accept inbound messages.

4) sender ID (that's the pobox solution) -- special TXT records in DNS indicate where all your outbound mail will be sourced; any messages claiming to be from an address in your domain but arriving from an SMTP server not listed in sender ID will be rejected.  If the receivver does not accept mail fro domains without sender ID available, they must be mad, because most domains do nothave sender ID yet.  For domains with sender ID, this makes perfect sense.  Just be aware, if you set up sender ID, to alway be darn careful to update it BEFORE you add/change a mail server... because a good deal of your outbound mail will get rejected if you ever mess this up.

5) Do not accept mail without HELO (the HELO command starts most SMTP sessions, and includes the FQHN of the sender) --  agree with this wholeheartedly

6) Do not accept mail if the HELO's FQHN does not resolve to the IP address of the sending SMTP.  I also agree with this.  If you haev a static IP address, it is no problem whatsoever.  If you haev a dynamic IP, you are in trouble, but you can use a dynamic DNS server, such as DynDNS.org.  Of course, every time your IP address is changed, there is a window between the change and the dynamic DNS update, and messages sent during that period will fail.  In addition, because of DNS caching, this perod can be longer than you think.  Don't forget -- the dynamic DNS providers typically set TTL to zero or a very low number, but upstream DNS servers often specify a minimum cache time of 2 hours, 6 hours, or a day.  Sorry, Charlie, but you probably should move SMTP, FTP, and HTTP servers to static addresses.

Did I leave anything out?  I think there are a cople of other variants for these checks.
0
jjpatonCommented:

The reverse lookup is becoming a very popular spam prevention tecnique, but it does result in a lot of false-positives. Is it part of RFC compliance? Not sure on that , but I don't think so. Either way you are best to set it up as a lot of companies and even some ISPs are starting to use it.

You could check the RFCs for SMTP. RFC2821 gives SMTP detail at this link ... http://www.faqs.org/rfcs/rfc2821.html

GL :)
0
oosterbaanAuthor Commented:
He Guys,

Splitted up the points and made a mistake in the "Accepted" and the "Assisted" status of the answer!
Can't change that, but thanks guys for the info!

Regards,

Bob
0
qwaleteeCommented:
JJ,

RFC does not require that the receiving server do this check.  I don't recall whether "truthful" HELO is required or just strongly suggested.  I think it actually wasn't clear, just saying that the token following HELO is the sending SMTP agent's FQHN.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Lotus IBM

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.