-----Original Message-----
From: Postmaster [mailto:Postmaster(_at_)bellsouth(_dot_)com]
Subject: [Asrg] Problems that make the RMX proposal infeasible
--- Why can't the record just contain the IP range "owned" by the
domains
authorized mail servers?
I realize the a spammer can use a valid domain with a valid RMX and
this
would not cause a rejection, but at this point I can either put
pressure on
the ISP of that domain and/or block the IP altogether.
The point is that you _CAN'T_ put the pressure on anyone, since the RMX
authenticator is spoofed.
You can blacklist the IP, but that is no better than the status quo.
--- Is is slightly better because now I know for sure where they are from.
In either case, I now don't have to worry about someone claiming to be
from
Yahoo and actually from a Chinese relay server.
I am not adverse to a "solve-all" solution, but I truly don't think it
exists and if it does, it would be just too radical to implement all at
once.
Provided that you've done a recent lookup on yahoo.com and it is still
in your cache. BTW, yahoo.com has a TTL of 600 seconds.
What is it that you think RMX is buying you?
--- I realize that there are people out there that will spoof DNS etc. I do
not think that it is such a major issue. I think some people are failing to
see the big picture. I for one am not currently looking for an "end-all"
solution, but if one is found, I would not complain. I truly don't think
that there is a "magic bullet" solution to be had. RMX would just be one
tool in a tool chest. Start putting your fingers in the holes in the dike
and eventually the flood will turn to a trickle. Make it hard for a spammer
to spam and there will be less spammers.
I think that RMX and pure ISP administrative changes like credit card
flags, closing port 25, and billing commercial mailers would put a huge
dent
in the amount of spam received.
What would be required to make it work?
In a perfect world where everything worked as it is supposed to... How
would
this be implemented?
If we could eliminate all people who do bad things, then any protocol
will
work just fine. Since this is not possible today, so we have to use
protocols
that are resistant to attack. Why waste effort implementing a system
that
is fundamentally flawed?
--- Any system that has people on it that are bend on attacking it will be
attacked. It is not a flaw in the system, it is a flaw in the people. We do
the best with what we have. I am not out to reinvent the wheel, even if the
current one is a little oblong. I just don't want to wait until I retire to
see progress.
Don't get me wrong, I am not disagreeing with your assessment that an
attacked DNS would allow spam, however, what I do disagree with is that
suddenly all spammers will start doing this as a business operendi.
As far as the spam that DOES make it through that way, filters and other
tools can be used.
My delete finger works just fine. I am more concerned with the hundreds of
thousands of dollars I am spending on equipment, software and time just
trying to handle it all.
Regards,
Damon
*****
"The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential, proprietary, and/or
privileged material. Any review, retransmission, dissemination or other use
of, or taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from all
computers."
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg