ietf-asrg

RE: pros and cons of RMX (Re: [Asrg] Declaration to the world)

2003-03-06 18:26:50
No it's not rhetoric.  It's a statement of fact.  DNS alone
doesn't solve this problem.  If you want RMX to work, you need
to do one of the following:
1. patch the DNS protocol
2. patch DNS servers to keep track of multiple bogus responses 
   and inform the SMTP server
   (what you're going to do when this happens is unclear.  Since
   they're UDP and spoofable, surely you're not proposing that 
   all data from that IP be dropped)
   See any IDS list for details on the hazards of automated
   filtering.
3. Add a NIDS that watches for lots of unasked for DNS replies
   and communicates with your SMTP server.

If you're doing this much to compensate for a broken protocol, 
you ought to re-evaluate the cost-benefit equation.

Perhaps we might get further if you just told us all your pet 
theory rather than making us all wait till you have attacked
everything else.

You might find that we don't consider your pet theory to be
incompatible or in competition.


You appear to have the same problem Bruce Schneier had with security
before he wrote Secrets and Lies. The perfect is the enemy of the 
good. Security is risk control, not risk elimination.

Spam is an infestation, we are not going to find a magic bullet.
We are going to have to fight a long war on many fronts. We shall
fight them with filters, we shall fight them with authenticated
mail, we shall fight them in the legislatures and in the court 
room. We shall never surrender but if the Internet shall last a 
thousand years it shall be said of us that this was our finest
hour.

                Phill

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


