Re: [Asrg] Position paper, in zipped HTML

Ronald F. Guilmette wrote:

> > As Vernon has commented a few times, there's no way to tell whether that 
> > is legitimate or not.  If I mailed from here using a hotmail address, is 
> > it fake?  You can't tell, short of determining whether I own the hotmail 
> > address in question.  Certainly, given things like the abysmal lack of 
> > proper rDNS setups in small-business setups (eg: wanadoo, BT, China, 
> > Korea, telesp) there's no way to tell what the right domain _is_ for a 
> > given mail server.
> Two points:
> First, by and large Wanadoo space, BT space, and Telesp space almost all
> _does_ have at least _some_ inverse DNS.
I said "proper" DNS - that doesn't include those with pool ids instead 
of proper name assignment.
> In a nutshell, if some SMTP client says to you `HELO foo.bar.com' then
> 6 times out of 10 a forward lookup on `foo.bar.com' will get you the
> IP address of that same SMTP client and another 3 times out of 10,
> looking up the MX records for `bar.com' will get you the IP address
> of that same SMTP client.  So 9 times out of 10 you can accurately
> associate a domain name with a given SMTP client, even in the total
> absence of rDNS.
That presumes, for example, that every mail server is only authoritive 
for one domain.  That breaks even for us.  Breaks hugely for people with 
their own domains mailing thru ISP servers - which we want them to do if 
they're DHCP (for example).
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg