temmokan, posted June 13, 2012

Hello,

The story so far: a spam complaint is received, sent through SpamCop, and while studying headers of the original spam message, I notice that although the PTR record for the spam origin returns a domain name (say, example.com), the actual A records for example.com do not match the spam origin IP.

That means a false/out-of-date PTR record(s) exists that makes SpamCop decide the domain owner is at fault and their server works as a spam source. In reality, the IP has nothing to do with example.com.

That could be avoided if the check were made to make sure that both the PTR returns a domain name *and* the domain has at least one A/AAAA record matching the one reported.

Otherwise, it opens wide possibilities to compromise any legitimate domain: create a false PTR for it, use the IP as a spam source and voila - the domain owner will have to prove they aren't spammers.

Is the mentioned A-PTR comparison made currently when analyzing the spam messages?

Thanks.
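The A-PTR comparison asked about in the post above is commonly called forward-confirmed reverse DNS. The sketch below is an added example, not part of the original post and not SpamCop's code; the function names are hypothetical and the lookup tables are constructed sample data using documentation address ranges.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip via the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_addrs(name):
    """A/AAAA addresses for name via the system resolver."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return the PTR names for ip whose A/AAAA records include ip.
    An empty list means the PTR is missing or unconfirmed."""
    target = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr_lookup(ip):
        for addr in addr_lookup(name):
            try:
                match = ipaddress.ip_address(addr.split("%")[0]) == target
            except ValueError:
                continue  # resolver returned something that is not an address
            if match:
                confirmed.append(name.rstrip(".").lower())
                break
    return confirmed

# Constructed sample data (documentation address ranges), not real DNS.
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.com."],   # PTR and A record agree
    "198.51.100.7": ["example.com."],      # PTR names a domain that does not list this IP
    "2001:db8::25": ["MX.example.com"],    # IPv6, forward record in expanded form
}
SAMPLE_FWD = {
    "mail.example.com.": ["192.0.2.10"],
    "example.com.": ["192.0.2.1", "2001:db8::1"],
    "MX.example.com": ["2001:0db8:0000:0000:0000:0000:0000:0025"],
}

def sample_check(ip):
    """Run fcrdns() against the constructed tables instead of live DNS."""
    return fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []), lambda n: SAMPLE_FWD.get(n, []))
```

Calling `fcrdns(ip)` with no other arguments uses the system resolver; an address whose result is empty should be attributed to the network that holds the IP, not to the domain named in its PTR.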
This topic is now archived and is closed to further replies.