ietf-asrg
[Top] [All Lists]

RE: [Asrg] Problems that make the RMX proposal infeasible

2003-03-06 15:32:15
-----Original Message-----
From: Postmaster [mailto:Postmaster(_at_)bellsouth(_dot_)com] 
Subject: [Asrg] Problems that make the RMX proposal infeasible

--- Why can't the record just contain the IP range "owned" by the
domains
authorized mail servers?

I realize the a spammer can use a valid domain with a valid RMX and
this
would not cause a rejection, but at this point I can either put
pressure on
the ISP of that domain and/or block the IP altogether.
The point is that you _CAN'T_ put the pressure on anyone, since the RMX
authenticator is spoofed.

You can blacklist the IP, but that is no better than the status quo.

In either case, I now don't have to worry about someone claiming to be
from
Yahoo and actually from a Chinese relay server.
I am not adverse to a "solve-all" solution, but I truly don't think it
exists and if it does, it would be just too radical to implement all at
once.
Provided that you've done a recent lookup on yahoo.com and it is still
in your cache.  BTW, yahoo.com has a TTL of 600 seconds.  

What is it that you think RMX is buying you?

I think that RMX and pure ISP administrative changes like credit card
flags, closing port 25, and billing commercial mailers would put a huge
dent
in the amount of spam received.

What would be required to make it work?
In a perfect world where everything worked as it is supposed to... How
would
this be implemented?
If we could eliminate all people who do bad things, then any protocol
will
work just fine.  Since this is not possible today, so we have to use
protocols
that are resistant to attack.  Why waste effort implementing a system
that
is fundamentally flawed?


                Jonathan

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>