Hi, I was looking for opinions on DNS validation within the Symantec Messaging Gateway product. I've recently migrated to v10.5.3-4 from an older version, and built new scanners to migrate to, rather than inplace upgrades. I deceided to tie down the security some more on the new boxes, including enabling all four of the DNS validation rules under Protocols > SMTP > Settings.
In the first week, I had calls from various senders with issues, mostly down to their EHLO domains not being correct, many were resolved, but due to the weight of 'valid' email being bounced, I disabled this rule as it was a fairly basic and easily bypassed protection.
More recently a supplier has been being blocked by the 2nd rule - "Reject connection where the reverse DNS record exists for the connecting IP address, but the 'A' or 'AAAA' record of the resulting domain does not match the connecting IP address" - FCrDNS. I pointed the issue out with their systems being misconfigured, but rather than the 'whoops, thanks for pointing that out', they're being rather obstructive and basically refusing to fix the problem.
As many of our staff rely on emails from this sender to operate, i've had to disable the rule while discussions continue.
My question is, am I being awkward having this rule switched on?, it seems the FCrDNS is not widely adopted, but it is a standard, and i can't see why anyone WOULDN'T conform to it, what is the community's opinion?
Thanks