On 10/30/09 6:49 AM, Eliot Lear wrote:
> Early in the discussion, I thought we were talking about the envelope.
> Validating the envelope seems to me useful, if only because it provides
> a way to reduce the number of bytes sent, and believe it or not, this is
> still a problem in certain parts of the developing world, where
> bandwidth is still expensive. Right now some solve the problem with
> upstream filtering. That has its own set of problems that are as much
> political as technical.

Unless most connections are not accepted, a small network cannot be
protected. Such a system would either depend upon external filtering or
a combination of IP address reputation, with perhaps the sampling of
questionable connections to leverage good IP address reputation with
selective inclusion of IP addresses having unknown reputation.

A good defense would likely entail tracking EHLO hostnames looking for
consistency, simply because bot-nets notoriously provide inconsistent
information. This approach may block "localhost" hostnames and the like,
but these typical misconfigurations represent a small percentage of

What is left may then be confirmed as desired through other means. DKIM
might be such a means, especially when disparate elements can be
combined to offer unique identifiers that leverage prior trusted
elements. This might be an authorization of a mailing list from a known
From domain, for example. The authorization could be established
through the use of the TPA-Label. Even EHLO hostnames can be authorized
by this scheme.

The small network might then be able to safely expand their acceptance
lists and perhaps eventually become fairly independent once the size of
this list has grown to a few million entries.
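
The EHLO consistency tracking suggested in the message above, as an added example that is not part of the original post. The verdict names, the three-session threshold, the `EhloTracker` and `build` helpers and the sample sessions are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: (client IP, EHLO argument) pairs as an MTA might log them.
SAMPLE_SESSIONS = [
    ("192.0.2.10", "mail.example.org"), ("192.0.2.10", "MAIL.example.org."),
    ("192.0.2.10", "mail.example.org"),
    ("198.51.100.7", "dsl-7.example.net"), ("198.51.100.7", "smtp.example.com"),
    ("198.51.100.7", "mx1.example.edu"),
    ("203.0.113.5", "localhost"), ("203.0.113.5", "localhost"),
    ("203.0.113.9", "relay.example.org"),
]

# A fully qualified name: dot-separated LDH labels ending in an alphabetic TLD.
FQDN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

class EhloTracker:
    """Remembers the EHLO names each client IP has presented."""

    def __init__(self, min_sessions=3):
        self.min_sessions = min_sessions      # assumed threshold before trusting
        self.seen = defaultdict(list)

    def observe(self, ip, ehlo):
        # Normalise case and a trailing dot so equivalent names compare equal.
        self.seen[ip].append(ehlo.strip().rstrip(".").lower())

    def verdict(self, ip):
        names = self.seen.get(ip, [])
        if any(not FQDN.match(n) for n in names):
            return "misconfigured"            # e.g. "localhost", address literals
        if len(set(names)) > 1:
            return "inconsistent"             # name changes between sessions
        if len(names) < self.min_sessions:
            return "unknown"                  # too little history: sample it
        return "consistent"

def build(sessions, **kw):
    """Feed (ip, ehlo) pairs into a fresh tracker and return it."""
    tracker = EhloTracker(**kw)
    for ip, ehlo in sessions:
        tracker.observe(ip, ehlo)
    return tracker

if __name__ == "__main__":
    t = build(SAMPLE_SESSIONS)
    for ip in sorted(t.seen):
        print(ip, t.verdict(ip), sorted(set(t.seen[ip])))
```

The single-name rule is the strictest setting; an address that fronts several legitimate MTAs would need a higher tolerance before being marked inconsistent.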