--Hadmut Danisch wrote on 03.03.03 14:45 +0100:
That's one of the bitter pills. As long as anyone with a
dynamic IP address is able to send mails with your address, then
there is no difference between the authorized sender and the abusing
attacker.
The RMX-record allows the owner of the domain to restrict abuse
of his domain by spammers and the like.
Those who want to limit the forging use the RMX (most likely Yahoo,
Hotmail and Outblaze, and all the others suffering from this).
Many people already accept mail from such often-forged freemail-
domains only from their legitimate hosts.
The real problem will be with forwarding accounts; the envelope-sender
should be replaced with the address of the forwarder.
Maybe you want to include a note about this in your proposal.
Let's assume you're working somewhere in california with ISP1,
but sometimes you're in New York and working with ISP2.
Then your RMX record could look like this:
jmason.org IN RMX (california.isp1.com newyork.isp2.com)
Wildcards would be nice too, and could solve the problem with
dynamically assigned hostnames.
which would still keep the door open for thousands of
IP addresses, but would block mails from Texas, India, Nepal...
It's usually easy to get the abuse stopped if all parties reside
on the same provider. But the proposal should include a note
about possible forgeries of RDNS if the hostnames don't get
double-checked.
(d) need to use an "allow all" 0/0 mask for mydomain.org.
That's also possible. That's a statement like "I don't want to
restrict origins for my domain". If you want to do so, that's fine.
But it might be my decision to not accept mails from such a domain
anymore.
I don't think that should be a part of the proposal.
There are enough domains which will use RMX anyway, and this will
put quite some pressure on the others.
The acceptance would be much better if you are not trying to force the
usage of RMX on anybody. And of course everybody is still free
to block whatever he wants on his own server.
How do we solve this? Is there another solution?
Yup. Use Cryptography and have a PKI Infrastructure. Use
challenge-response authentication, mail signatures, or something
like that. But that's far more complicated, has severe vulnerabilities,
and requires updates of virtually every MUA.
This actually does not stop the spew at the side of the sender
since the whole message has to be received and parsed for the
cryptographic bits.
The solution probably would need an extended MAIL FROM where the
key of the sender gets appended (like the SIZE extension) to allow
rejection at the RCPT TO (per recipient) without actually receiving
and parsing the whole content.
The solution should probably also allow for an additional token
to be appended to the RCPT TO, for various reasons.
There is also another problem: if RMX gets widely used, spammers
will use empty envelopes which cannot be protected by RMX.
How could an RMX-compatible DSN be composed?
Roland
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
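
The double-check of reverse DNS mentioned in the message, sketched as a receiver-side test. This is an added example, not part of the original message or of the RMX proposal; the wildcard pattern syntax, the function name and the DNS tables (documentation address ranges) are constructed assumptions.

```python
import fnmatch

# Constructed DNS data for illustration; not real records.
PTR = {  # reverse lookups: IP -> hostname (controlled by whoever owns the IP block)
    "192.0.2.10": "dial-17.california.isp1.com",    # genuine ISP1 customer
    "203.0.113.66": "dial-99.california.isp1.com",  # PTR forged by a third party
}
A = {  # forward lookups: hostname -> addresses (controlled by the owner of isp1.com)
    "dial-17.california.isp1.com": {"192.0.2.10"},
}
# Hypothetical wildcard form of the RMX record discussed in the message.
RMX = {"jmason.org": ["*.california.isp1.com", "*.newyork.isp2.com"]}


def rmx_allows(sender_domain, client_ip, double_check=True):
    """Decide whether client_ip may send mail with an envelope sender in sender_domain."""
    patterns = RMX.get(sender_domain)
    if patterns is None:
        # Assumption: a domain without RMX states no restriction.
        return True
    name = PTR.get(client_ip)
    if name is None:
        return False  # no reverse name, so no hostname pattern can match
    name = name.lower().rstrip(".")
    if not any(fnmatch.fnmatchcase(name, p) for p in patterns):
        return False
    # Forward-confirm: the claimed name must resolve back to the connecting IP.
    # Without this step, anyone who controls reverse DNS for their own
    # address block can claim a name inside an authorized zone.
    if double_check and client_ip not in A.get(name, set()):
        return False
    return True


if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.66", "198.51.100.5"):
        print(ip, rmx_allows("jmason.org", ip),
              rmx_allows("jmason.org", ip, double_check=False))
```

With `double_check=False` the host with the forged PTR is accepted, which is the forgery the message warns about.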