IAjapan: Internet Association Japan
Harmful Information Countermeasures Portal Site: Anti-Spam Edition

Page 17

Experimental method identifiers MUST only be used within ADMDs that have explicitly consented to use them.  These method identifiers and the parameters associated with them are not documented in RFCs. Therefore, they are subject to change at any time and not suitable for production use.  Any MTA, MUA, or downstream filter intended for production use SHOULD ignore or delete any Authentication-Results header field that includes an experimental method identifier.


3.  The “iprev” Authentication Method

This section defines an additional authentication method called “iprev”.



In general, “iprev” is an attempt to verify that a client appears to be valid based on some DNS queries.  Upon receiving a session initiation of some kind from a client, the IP address of the client peer is queried for matching names (i.e., a number-to-name translation, also known as a “reverse lookup” or a “PTR” record query).  Once that result is acquired, a lookup of each of the names (i.e., a name-to-number translation, or an “A” or “AAAA” record query) thus retrieved is done.  The response to this second check should result in at least one mapping back to the client’s IP address.


More algorithmically: if the client peer’s IP address is I, the list of names to which I maps (after a “PTR” query) is the set N, and the union of IP addresses to which each member of N maps (after corresponding “A” and “AAAA” queries) is L, then this test is successful if I is an element of L.


The response to a PTR query could contain multiple names.  To prevent heavy DNS loads, agents performing these queries MUST be implemented such that the number of names evaluated by generation of corresponding A or AAAA queries is finite, though it MAY be configurable by an administrator.  As an example, Section 5.5 of [SPF] chose a limit of 10 for its implementation of this algorithm.


[DNS-IP6] discusses the query formats for the IPv6 case.


A successful test using this algorithm constitutes a result of “pass” since the ADMD in which the client’s PTR claims it belongs has confirmed that claim by including corresponding data in its DNS domain.  A failure to match constitutes a “fail”.  There is no case in which a “neutral” result can be returned.  The remaining “temperror” and “permerror” cases refer, respectively, to temporary and permanent DNS query errors.
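The I, N, L test and its four results, as an added Python example that is not part of the RFC text. The resolver callbacks, the `TempError`/`PermError` names, the precedence between the two error results, and the zone data are assumptions of this example; the default limit of 10 is the figure the text cites from [SPF].

```python
import ipaddress

class TempError(Exception): pass   # hypothetical name: temporary DNS failure
class PermError(Exception): pass   # hypothetical name: permanent DNS failure

def iprev(client_ip, ptr_lookup, addr_lookup, max_names=10):
    """Return 'pass', 'fail', 'temperror' or 'permerror' for client_ip (I).

    ptr_lookup(ip) returns the PTR names; addr_lookup(name) returns the
    A/AAAA addresses. Either may raise TempError or PermError; how DNS
    response codes map to those exceptions is left to the caller.
    """
    i = ipaddress.ip_address(client_ip)                  # I, normalised
    try:
        names = list(ptr_lookup(str(i)))[:max_names]     # N, bounded
    except TempError:
        return "temperror"
    except PermError:
        return "permerror"
    error = None
    for name in names:
        try:
            addrs = addr_lookup(name)                    # contributes to L
        except TempError:
            error = "temperror"      # assumption: temporary outranks permanent
            continue
        except PermError:
            error = error or "permerror"
            continue
        # Compare parsed addresses so that differently written IPv6 forms
        # of the same address are treated as equal.
        if any(ipaddress.ip_address(a) == i for a in addrs):
            return "pass"                                # I is an element of L
    return error or "fail"

# Constructed zone data (documentation address ranges, not real hosts).
PTR = {
    "192.0.2.10": ["mail.example.org"],
    "192.0.2.66": ["mail.example.org"],   # PTR claims a name the zone does not confirm
    "2001:db8::25": ["mx6.example.org"],
    "192.0.2.99": [f"h{n}.example.net" for n in range(12)],
}
FWD = {
    "mail.example.org": ["192.0.2.10"],
    "mx6.example.org": ["2001:0db8:0:0:0:0:0:25"],
    "h11.example.net": ["192.0.2.99"],    # only the 12th name maps back
}

def ptr_lookup(ip):
    return PTR.get(ip, [])

def addr_lookup(name):
    return FWD.get(name, [])
```

The `192.0.2.66` entry shows why the forward step matters: the PTR record alone is set by whoever controls the reverse zone, and only the A/AAAA answer from the named domain confirms the claim.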


