I'm proposing that people block SMTP clients which do not have a certain set of DNS records. I call this SMTP DNS authorization.
Crynwr Software operates a robot which can test DNS-based spam blocks. Spam is defined thusly. The first and most famous DNSL is the MAPS RBL (Mail Abuse Protection Service's Realtime Blackhole List). Unfortunately, because they deny accesses from my server, I cannot verify the accuracy of their databases, so I no longer support any MAPS products.
The full list includes:The robot's test is started by sending a piece of mail (any piece of mail) to one of the addresses above. You must send the email from the machine which you wish to test. If you cannot do this, then telnet to the smtp server and send mail by hand. The robot only tests for the one kind of block, so if you're using multiple blocking services you need to send multiple pieces of mail.
Alternately, you can telnet to ns1.crynwr.com from the server you want to test. It will test all of the supported DNSBLs and allow you to watch the SMTP conversation. Neat, eh?
Here's what the robot does:
So, the net effect is that if you get one reply (the SMTP dialogue), you're all set. If you get two replies, you're not blocking the addresses listed by the service you tested. If you get no reply within about ten minutes, either your envelope sender is wrong (which needs fixing anyway), or you are blocking the whole Crynwr Software subnet (NET-CRYNWR).
Crynwr Software sells support for qmail, a sendmail replacement Mail Transfer Agent written by Dan Bernstein. You can use Dan Bernstein's rblsmtpd, or ask Crynwr to install it for you.
We do not share any information about these tests with anyone else. Neither the fact that you have tested, nor the results of the test are made available to anyone. Each of the services which has a test listed is cooperating with Crynwr Software to the extent of listing an IP address on Crynwr's network (192.203.178). They know what that address is, and they could be logging DNS queries made against that address. That would only tell them that you tested. It would not tell them the results of the test, however they could run their own test against your server. I have no idea whether they do this or not, however the technology exists to make it possible. This is only a concern if you care whether they know if you tested or not. They can certainly notice that you are using their blocking service.