ietf-asrg

Re: pros and cons of RMX (Re: [Asrg] Declaration to the world)

2003-03-06 13:50:56
In <20030306191718(_dot_)B4198310(_at_)exeter(_dot_)ac(_dot_)uk> Adam Back 
<adam(_at_)cypherspace(_dot_)org> writes:

> Guess you weren't listening.  This was _all_ said before.

I don't know about Hadmut, but I was listening.  I even reread the web
page about the DNS security problem.  While I'm not convinced that RMX
records or domain specific DNSBLs will dramatically cut down on the
spam problem, I am certainly not convinced that the idea is bogus.


> A) RMX is broken, due to reliance on DNS

Even with the birthday paradox attack, the spammer will have to send
out hundreds of forged DNS packets in order to have a good chance of
getting a bogus entry into the target's DNS cache.  This is both very
detectable and it also greatly increases the amount of work that a
spammer has to do.

This is a much more serious problem when a bogus DNS lookup can expose
someone's bank account or other things that could get a huge payoff
from just a single forged DNS entry.  The payoff for the spammer is
almost nothing.  Somehow I don't think that spammers are going to be
the ones that will motivate this DNS security problem to be closed.


> B) (presuming you fix that in some way) if everyone did this then an
> existing functionality -- the ability to send mail from different
> accounts using existing de facto functionality, software and
> infrastructure -- is lost.

Everyone would do this only if everyone didn't want to have their
domain names used indiscriminately.  Only domain name owners who want
to limit who can send email claiming to be from them would create RMX
records or create a domain specific DNSBL.  Only MTAs that want to
respect domain name owners' wishes would enforce it.

Are you saying that domain name owners should not say who can use
their name and others should not be able to respect that request?


-wayne

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
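
An added illustration, not part of the original message, of the two claims made in the reply to point A: that a birthday-style forgery takes hundreds of packets, and that such a burst is easy to spot at the resolver. The log tuple layout, the window and threshold values, and the host names are assumptions made for this example.

```python
from collections import defaultdict, deque

ID_SPACE = 2 ** 16  # DNS transaction IDs are 16 bits


def match_probability(n):
    """Chance that at least one of n forged replies carries the ID of one of
    n outstanding queries for the same name. Birthday model; assumes the
    outstanding IDs are distinct and the forged IDs are uniformly random."""
    return 1 - (1 - n / ID_SPACE) ** n


def flag_bursts(responses, window=2.0, threshold=20):
    """Return the names that drew more than `threshold` unmatched replies
    within `window` seconds.

    responses: iterable of (time_s, qname, txid, matched), where `matched`
    is True when the reply answered a query the resolver had outstanding.
    """
    recent = defaultdict(deque)  # qname -> times of recent unmatched replies
    flagged = set()
    for ts, qname, _txid, matched in sorted(responses):
        if matched:
            continue
        times = recent[qname]
        times.append(ts)
        while times and ts - times[0] > window:
            times.popleft()  # drop replies that fell out of the window
        if len(times) > threshold:
            flagged.add(qname)
    return sorted(flagged)


def sample_log():
    """Constructed resolver log: normal traffic plus one burst of wrong IDs."""
    log = [
        (0.10, "mail.example.org", 0x1A2B, True),
        (0.40, "www.example.net", 0x0F00, False),  # single stray late reply
        (0.90, "www.example.net", 0x7C01, True),
    ]
    # 300 replies for one name in 0.3 s, none matching an outstanding query
    log += [(1.0 + i * 0.001, "rmx.example.com", (i * 211) % ID_SPACE, False)
            for i in range(300)]
    return log


if __name__ == "__main__":
    for n in (50, 300, 700):
        print(f"{n:4d} forged replies -> match probability {match_probability(n):.3f}")
    print("flagged names:", flag_bursts(sample_log()))
```
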