I. ASRG can not send documents protocols to IETF for
"protocols", they
can only be or something that may become "informational" RFC
Semantics. Whatever. I'll submit it as a private draft.
II. What you're proposing is just like SRV RMX record.
Actually, no. From what I've read on RMX it's not IP based. It's too easy
to falsify anything else.
Your point that DNS does not support it yet is not
appropriate - you expect sites to update software to support
DS draft but not update their dns software...
I means if domain has to put this record in, it might as well
update dns software, not that complex
Tell that to a Microsoft house[1]. Especially a M$ house not upgrading to
Win2003 Server because they don't trust it.
III. As I already mentioned multiple times before this is typical
"RMX/Mail-From" style proposal which has the following problems:
1.You only authenticate MAIL FROM header but if "From:" is
forged, that
is what user will see on their MUA, not MAIL FROM.
I'm not interested in the body of the message. Yes, it's easy to falsify
the headers or the envelope. I'm saying these forgeries will be easier to
track for sites using DS.
I'm also not deluded into thinking this will solve all mail forgeries. I'm
only interested in accountability, and this improves accountability
dramatically for little cost - updating the MTA only and adding a few DNS
records.
2.Breaks mailing lists (all have to be whitelisted - see:
https://www1.ietf.org/mail-archive/working-groups/asrg/currest
/msg00762.html
All mailing lists I subscribe to have either
$listname-request(_at_)list(_dot_)host or
a complicated return envelope for tracking bounces. And I subscribe to
majordomo, listserv, yahoogroups and EMWAC IMS based lists. I'll show you
some log entries from my mail server:
<B0000025417(_at_)srv1(_dot_)fecyk(_dot_)ca> [22/Mar/2003:11:19:37]
209.228.33.247
c007.snv.cp.net
blst-errors(_dot_)300002469(_dot_)805908187(_dot_)844622903(_dot_)008(_dot_)15118(_dot_)0(_at_)boing(_dot_)topica(_dot_)com
mmajor(_at_)pan-am(_dot_)ca
<B0000025514(_at_)srv1(_dot_)fecyk(_dot_)ca> [22/Mar/2003:22:32:04]
209.228.33.246
c007.snv.cp.net
sentto-113989-4623-1048393919-mmajor=Astronomi-con(_dot_)com(_at_)returns(_dot_)groups(_dot_)yahoo(_dot_)
com mmajor(_at_)pan-am(_dot_)ca
<B0000025510(_at_)srv1(_dot_)fecyk(_dot_)ca> [22/Mar/2003:22:03:33]
209.119.0.109
cherry.ease.lsoft.com owner-SPAM-L(_at_)PEACH(_dot_)EASE(_dot_)LSOFT(_dot_)COM
gordonf(_at_)FECYK(_dot_)CA
<B0000025519(_at_)srv1(_dot_)fecyk(_dot_)ca> [23/Mar/2003:00:51:33] 132.151.1.19
www1.ietf.org asrg-admin(_at_)ietf(_dot_)org gordonf(_at_)pan-am(_dot_)ca
(repeated several times)
<B0000025536(_at_)srv1(_dot_)fecyk(_dot_)ca> [23/Mar/2003:06:33:12]
65.198.151.222
web8.gemini.dice.com jobs(_at_)jobmail(_dot_)dice(_dot_)com
gordonf(_at_)fecyk(_dot_)ca
<B0000025544(_at_)srv1(_dot_)fecyk(_dot_)ca> [23/Mar/2003:08:35:50]
207.195.213.10
poet.minstrel.com owner-nordskogen(_at_)poet(_dot_)minstrel(_dot_)com
gordonf(_at_)fecyk(_dot_)ca
You're telling me that these will break under DS protocol and will have to
be whitelisted? They all have return-paths pointing back to something other
than the original sender, usually the list owner or sometimes a bounce
processor. These would not be blocked under DS.
Mailing lists that don't do that are broken already.
3.Breaks majority of forwarding configurations. Again you have to
whitelist servers that may forward email to your server. Here the
situation is little worth, because spammers often put the
use the same
domains in their from (ok, used to do it 2 years ago, now
using free
mail services like yahoo or hotmail is more common)
Now these would require changes to MTA software and I freely admitted that.
4.Roaming users (like me on IETF conference) can not send
email directly
and have to authentication with their "home" mail server.
SMTP AUTH, POPAUTH, etc take care of this. It's actually my point - you
should use the resources you're authorized to use. I can roam, hell I've
even had to sit on someone's Charter connection, then Earthlink, then some
local ISP during my last road trip, and I could still send mail through my
own server.
[1] And you're deluded if you say that anyone running MS server software is
not worthy/asking for trouble/a waste of time/etc. Fact is, it's out there
and there isn't thing-one we can do about it.
--
PGP key (0x0AFA039E):
<http://www.pan-am.ca/consulting(_at_)pan-am(_dot_)ca(_dot_)asc>
What's a PGP Key? See <http://www.pan-am.ca/free.html>
GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4>
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg