At 13:35 19/05/2002 +0200, Arnt Gulbrandsen wrote:
"Eric A. Hall" <ehall(_at_)ehsco(_dot_)com>
> Any comments on this approach?
It sounds like the first users of this would block some legitimate mail
and no spam.
Some legitimate mail, because all mail-blocking schemes do. No spam,
because neither spammers like Postmastergeneral nor clueless sites like
those Korean schools will add MS RRs in their zone files.
I don't think you understand Keith's idea very well.
What would happen in these situations is that the spammers will still be
able to send spam through their own mail servers, but they won't be able to
use '@hotmail.com' or '@yahoo.com' style email addresses. If they did, then
the receiving mail server would do a lookup for the MS/MX records to see if
that mail server is allowed to send mail from hotmail.com or yahoo.com
domains. Since it wouldn't be, your mail server would
remove/quarantine/filter/etc those messages.
If the spammers send spam through their own mail servers using imaginary
domains a mail server could theoretically detect that. You could use normal
mail filtering to filter mail that spammers send through their own mail
servers using their own domain names.
I think it's quite a good idea, and I wish people would run with the idea
to see how far it goes, rather than just being pessimistic about it.
There does need to be some way of authenticating the source of email to
start reducing spam which, to be honest, has the possibility of killing off
email. We have customers who have reduced their use of email because of all
the spam they're getting.
This proposed solution seems like quite a low cost way of implementing it,
within existing infrastructure.
No one would force an MTA to check these records.
This, MS probably wouldn't succeed: Noone would be the first to use it,
and if noone uses MS, noone will add it to their zone files (except those
few admins who added LOC records).
Actually, I reckon quite a few people would be 'the first' to implement the
software to check for MS records. Content filtering companies, firewall
companies etc would be glad to have some way of doing this type of
authentication.
Paul VPOP3 - Internet Email Server/Gateway
paul(_at_)pscs(_dot_)co(_dot_)uk http://www.pscs.co.uk/