On Fri, Sep 7, 2012 at 5:08 PM, Ewen McNeill
To echo this, it appears to be basically impossible to persuade a lot of organisations these days to put proper (eg, matching!) reverse/forward DNS in for their mail servers. [...]
Back before I threw up my hands and shifted my mail to Google, I ran qpsmtpd (perl MTA) with a bunch of custom modules, in front of postfix. My "secret sauce" which reduced my whitelist size a bit was what I called the "geeks on DSL" rule, although it also allowed mail from ccdhb.org.nz and other similar organisations. If you failed the "no reverse DNS" or "dynamic IP range" rules, I'd still allow your mail if the source IP was in the same /24 as any of the domain's MX records, A records, or www. A/CNAME/etc record. This worked surprisingly well, but I still had to maintain a growing whitelist.
Are you using greylisting? That still nets some good results [...] I'd echo this too. ...
I found users were too used to email being instantaneous for greylisting to be useful -- I'd get too many "email is broken" complaints. Also the people I was contracting for ran a bizarre MacOS-based email server that refused to retry sending emails, and I did quite like getting paid... donald
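The "geeks on DSL" rule described above, as an added illustration rather than code from the thread or from qpsmtpd: a sender that fails the reverse-DNS or dynamic-range checks is still accepted if its source IP falls in the same /24 as one of the sender domain's MX, A or www addresses. The DNS data is a constructed table (RFC 5737 documentation addresses) standing in for a real resolver, and all function names are hypothetical.

```python
import ipaddress

# Constructed sample records; a real deployment would query DNS (following
# CNAMEs for www) instead of reading this dictionary.
SAMPLE_DNS = {
    ("example.org", "MX"): ["mail.example.org"],
    ("mail.example.org", "A"): ["203.0.113.10"],
    ("example.org", "A"): ["203.0.113.20"],
    ("www.example.org", "A"): ["198.51.100.5"],
}


def sample_resolve(name, rtype):
    """Stand-in resolver: returns record values for (name, type) or []."""
    return SAMPLE_DNS.get((name, rtype), [])


def domain_networks(domain, resolve=sample_resolve, prefixlen=24):
    """Collect the /prefixlen networks of the domain's MX hosts, its A
    record and its www host, which the rule treats as 'the organisation'."""
    names = [domain, "www." + domain] + list(resolve(domain, "MX"))
    nets = set()
    for name in names:
        for addr in resolve(name, "A"):
            nets.add(ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False))
    return nets


def same_block_as_domain(source_ip, sender_domain, resolve=sample_resolve):
    """True if the connecting IP shares a /24 with any of the domain's hosts."""
    try:
        ip = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # unparsable peer address never earns an exemption
    return any(ip in net for net in domain_networks(sender_domain, resolve))


def accept_sender(source_ip, sender_domain, failed_rdns, dynamic_range,
                  resolve=sample_resolve):
    """Apply the rule in the order the post describes: the /24 exemption only
    matters once the rDNS or dynamic-IP check has already failed."""
    if not (failed_rdns or dynamic_range):
        return True
    return same_block_as_domain(source_ip, sender_domain, resolve)
```

A /24 is a coarse proxy for "same organisation": anything else hosted in that block (shared hosting, a compromised neighbour) passes too, which is why the post still needed a whitelist alongside it.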