ietf-asrg
[Top] [All Lists]

Re: [Asrg] Re: RMX Records

2003-03-03 07:16:18
On Mon, 3 Mar 2003, Hadmut Danisch wrote:

Your RMX records could state that your mail comes from this
certain SMTP server only. How you ensure authenticity within this
server, that's your private business and beyond the scope of the
draft. But that's a design criteria. In contrast to PKI, I want
to leave it the domain owner's private business whether and how
intra-domain-authenticity is checked.

Right.  But a lot of people don't like having to relay through
their ISP's server.  Some ISP's, for example, won't let you send
mail from any domain but theirs.  So I could not send mail from
"dfs(_at_)roaringpenguin(_dot_)com" through my ISP's server; it would
have to be from "dfs(_at_)myispdomain(_dot_)net" or something like that.

- What's the technical difference between you on the road and
  and Spammer?

None.

  How will you distinguish your mail from a spammers
  mail abusing your domain?

You can't.

- Even when I'm on the road and using a foreign ISP on the other
  side of the world, I always drop my email to the very same relay
  machine, simply because thats easier.

Well, you are technically savvy, so you know how to set up SMTP AUTH to
make this work.  The vast majority of people don't.

[...]

  If you receive e-mail through a central relay, so what's the
  problem with sending e-mail the very same way?

In theory, I agree, but in practice, I do not think most people will
go for it.  Also, it's very cheap to register domains and set up RMX
records, so the extra cost to spammers is small.  A spammer that charges
$500 to send out bulk e-mail can easily charge $520 instead, and register
a one-time disposable domain name for the purpose.

Where these kinds of records might help is with the large free e-mail
providers like hotmail, yahoo, etc.  But I already have rules to reject
e-mail from these domains unless the sending host name (a) resolves and
(b) ends in the same domain as the sender domain.  Hotmail and Yahoo are
pretty good about keeping their reverse-DNS records up to date, and this
is very effective.

Widespread use of RMX records would simply make spammers choose not to
fake their e-mail from "hotmail.com" or "yahoo.com".

--
David.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>