>> Humm. How about a process that not only checks that the source IP
>> address can be resolved to a valid host, but that it can be resolved
>> back to a system which also has a valid MX record.
>> Just a thought...
>Why would it have to resolve to a valid MX record? MX records are
>required if the mail shouldn't be returned to the sending host.
>Just my thoughts,
I was thinking from a security perspective. For example, if I telnet
port 25 of your mail host and you are checking to insure that my IP
address has a valid host name, your machine will accept the connection.
If however, your machine checks to see if I am a valid mail system
(i.e. MX record check), it would deny the connection.
True this is not bulletproof, but it does add another layer of
validation checking to make mail spoofing that much more difficult.