
Re: [Asrg] Re: RMX Records

2003-03-04 03:25:32
--Hadmut Danisch wrote on 04.03.03 10:28 +0100:

>> That doesn't generally work because the mail hub will tend to reject
>> mail so sent because you're coming from a different ISP.  e.g. sales
>> person uses aol.com, earthlink.net (or other international ISP) drops
>> off mail at mail.foo.com mail hub, and if the mail hub isn't vulnerable
>> to the open relay problem, it will reject the mail.

> Hmm, I silently presumed that everybody is aware that we don't
> have an open relay. The machine supports several kinds of
> authentication through STARTTLS and SASL. You can drop mail only
> if you authenticated before.

I think we can safely assume the wide availability of authenticated
ESMTP for everybody within the next years, even if it's just based on
plain old pop-before-smtp.
It's basically the lack of authenticated ESMTP (and capable clients)
which forced ISPs to limit relaying to their own dialup range.
Some also want the revenue generated from pay-by-call, but that's
covered in the (limited-)service agreement.

Any company doing business via the internet should provide a secure
SSL/TLS-capable smarthost for security reasons anyway, and this will
likely be at the MSA port 587, so port 25 blocks at the ISP will have
no effect.

>> The other problem with RMX is that it relies on DNS which itself has
>> horrendous security vulnerabilities due to inherent limitations in the
>> protocol.  RMX inherits them and so is inherently easy to spoof and
>> bypass.  See for example: http://www.securityfocus.com/guest/17905
>> for a good survey paper on DNS vulnerabilities.

> Agreed, but we won't get rid of DNS here, and in context of
> mail transfer we need DNS anyway. Fixing the security problems of
> DNS is the task of another IETF working group. We shouldn't try
> to improve the whole world, but focus on spam.

Bulkers need to spew out millions of mails; they would need to poison
thousands of nameservers, which is simply not feasible.
Such harmful manipulations are already covered by the laws in many
countries, and there are more secure alternatives to BIND available.
 
>> Also I'm not sure as another poster noted how much it even helps:
>> disposable ISP free accounts (AOL CD syndrome) are a major source,
>> with RMX the problem is not even improved.

> I don't see the problem. If anyone uses such a CD, she is still
> limited to the aol domain and can't send e.g. as @hotmail.com or
> @danisch.de.

Those freemail services (I'll include AOL here...) are not any major
source of spam; it's all the open relays and the dedicated spamhauses
which _pretend_ to come from there. That's where RMX comes into play.

And an AOL dialup simply doesn't have enough bandwidth to be useful via
open proxies, where a copy of the spam has to be sent individually
to each targeted server.
Spamming via open relays only required 1% of the bandwidth, but they
are mostly gone or too widely blocked to be useful anymore.

Roland
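The exchange above turns on one check: does the host handing over a message appear in the list of MTAs its sender domain has published? The Python sketch below is an added illustration of that check and is not code from the RMX draft, from the list, or from any of the posters. It does not use the draft's record format or a real DNS query; a constructed dictionary (`RMX_RECORDS`, with made-up domains and documentation-range addresses) stands in for the answers a resolver would return, and the function names are hypothetical. As the thread notes, such a check is only as trustworthy as the DNS answer it is built on.

```python
import ipaddress
from typing import Dict, List

# Constructed stand-in for the DNS answers an RMX-style lookup would return:
# sender domain -> networks whose hosts are allowed to emit mail for it.
# Domains and addresses are made up for this example (RFC 5737 ranges).
RMX_RECORDS: Dict[str, List[str]] = {
    "foo.com": ["192.0.2.0/28"],        # foo.com's own smarthost range
    "danisch.de": ["198.51.100.7/32"],  # a single authorized MTA
    "aol.com": ["203.0.113.0/24"],      # the provider's outbound servers
}


def authorized_networks(domain: str) -> List[ipaddress.IPv4Network]:
    """Return the networks authorized to send for `domain`.

    A real receiver would issue a DNS query here; this example does a
    table lookup. An empty list means the domain publishes no policy.
    The result is only as trustworthy as the (unauthenticated) DNS answer.
    """
    return [ipaddress.ip_network(n) for n in RMX_RECORDS.get(domain.lower(), [])]


def rmx_check(envelope_from: str, client_ip: str) -> str:
    """Classify one SMTP transaction by envelope sender and connecting host.

    Returns:
      "pass" - the connecting host is listed for the sender's domain
      "fail" - the domain publishes a policy and the host is not listed
      "none" - no policy (or no domain part), so the check says nothing
    """
    if "@" not in envelope_from:
        return "none"
    domain = envelope_from.rsplit("@", 1)[1]
    nets = authorized_networks(domain)
    if not nets:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    # Version mismatch (v6 address vs v4 network) simply yields False.
    return "pass" if any(ip in net for net in nets) else "fail"


if __name__ == "__main__":
    # Constructed transactions mirroring the scenarios in the thread.
    samples = [
        ("sales@foo.com", "192.0.2.5"),          # sent via foo.com's smarthost
        ("someone@danisch.de", "203.0.113.44"),  # dialup host claiming danisch.de
        ("user@aol.com", "203.0.113.44"),        # same host, its own provider domain
        ("x@nopolicy.example", "10.0.0.1"),      # domain without a policy
    ]
    for sender, ip in samples:
        print(f"{sender:24} from {ip:15} -> {rmx_check(sender, ip)}")
```

The second and third samples make the poster's point concrete: a host on the provider's outbound range passes for the provider's own domain but fails when it claims an unrelated domain, so the roaming salesperson in the first scenario has to submit through foo.com's authenticated smarthost rather than send directly.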

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg